Data transfer system, data transfer apparatus, data recording apparatus, data transfer method

ABSTRACT

A data transfer apparatus referred to as a primary-recording-medium apparatus implements proper system operations by acquisition of information on a secondary recording medium mounted on a secondary-recording-medium apparatus to serve as a destination of a transfer (or a check-out) of a content. If a medium adopting its own unique management technique as is the case with a mini disc is used as the secondary recording medium serving as a destination of a check-out, the primary-recording-medium apparatus acquires information on the secondary recording medium from the secondary-recording-medium apparatus, which is typically a data-recording apparatus. The information includes an indicator as to whether or not the secondary recording medium has been mounted on the data-recording apparatus, the name of the secondary recording medium, the name of each content stored in the secondary recording medium, the number of contents stored in the secondary recording medium and attributes of each content stored in the secondary recording medium.

TECHNICAL FIELD

[0001] The present invention relates to a data transfer system, a datatransfer apparatus, a data-recording apparatus and a data transfermethod that are well suitable for transferring and/or recording contentdata such as music.

BACKGROUND ART

[0002] In typical usage of content data such as music, the data storedin a primary recording medium such as an HDD (hard disk drive) of apersonal computer is transferred to another recording medium used as asecondary recording medium so as to allow the data reproduced from thesecondary recording medium to be enjoyed. It is to be noted that thecontent data includes musical data, video data, game data and computersoftware, which are provided mainly for distribution, transfer andutilization purposes.

[0003] In this case, the HDD employed in the personal computer is usedfor storing content data such as music reproduced from a packagerecording medium such as a CDDA (Compact Disc Digital Audio) and a DVD(Digital Versatile Disc) or used for storing content data downloadedfrom an external musical server or the like by way of a communicationnetwork to the personal computer, which is connected to the network.Then, the user connects the personal computer to a recording apparatusfor recording data onto the secondary recording medium, and copies ormoves content data from the HDD to the secondary recording medium. Inorder to enjoy the content data, a reproduction apparatus is used toreproduce the data from the secondary recording medium.

[0004] Conceivable examples of the secondary recording medium are amemory card employing a semiconductor memory such as a flash memory, amini disc used as a magneto-optical disc, a CD-R (CD-Recordable), aCD-RW (CD-Rewritable), a DVD-RAM, a DVD-R and a DVD-RW.

[0005] As a recording apparatus and a reproduction apparatus for thesecondary recording medium, respectively, a recorder and a player forthese recording mediums including the semiconductor memory, the minidisc, the CD-R, the CD-RW, the DVD-RAM, the DVD-R and the DVD-RW havebeen becoming very popular. The recorder and the player are designedinto a variety of implementations such as a stationaryrecording/reproduction apparatus and a portable recording/reproductionapparatus. The user can thus record and reproduce content data by usingan implementation of the recorder and the player that is a favorite withthe user or matches an apparatus already owned by the user.

[0006] It is to be noted that, when considering such usage of contentdata, for example, protection of copyrights of the content data must betaken into account. Assume for example that the user obtains contentdata by using a service to distribute the content data or by purchasinga package medium containing the content data and, after storing thecontent data into an HDD, the user is allowed to copy the content datato secondary recording mediums without any limitation. In this case,such usage of the content data results in a condition in which the ownerof the copyright is not properly protected. In order to solve thisproblem, there have been proposed a variety of agreements andtechnologies for assuring protection of copyrights in handling contentdata as digital data. One of the agreements is a standard called an SDMI(Secure Digital Music Initiative).

[0007] A data path prescribed in the SDMI standard will be describedlater. At any rate, a content stored in an HDD employed in a personalcomputer as a primary recording medium can be properly transferred to orrecorded onto a secondary recording medium after protection of acopyright and benefits of general users are taken into consideration.The benefits include a right to privately copy the content. Examples ofthe content stored in the HDD include a network content and a disccontent. The network content is content data distributed by an externalserver to the personal computer by way of typically a network to bestored in the HDD. On the other hand, a disc content is read out from apackage recording medium to be stored in the HDD. As described above,examples of the package recording medium are a CD-DA and a DVD. Thepackage recording medium is mounted on a disc drive for reproducing thedisc content. Typically, the disc drive is embedded in the personalcomputer or connected to the personal computer. Examples of the discdrive include a CD-ROM drive.

[0008] By the way, when content data is transferred in a copy operationfrom a primary recording medium such as an HDD to a secondary recordingmedium such as a mini disc or a memory card, measures are taken tosatisfy protection of both a copyright and a private copying right.

[0009] In order to satisfy such protection, data is transferred from asecondary recording medium conforming to the SDMI standard as follows.

[0010] A secondary recording medium conforming to the SDMI standard isassumed to be a recording medium including a memory card employing asemiconductor memory such as a flash memory in conformity with the SDMIstandard. Such a secondary recording medium is used for storing acontent in an encrypted state. In a primary recording medium like anHDD, for example, a content conforming to the SDMI standard is stored inan encrypted state so that such a content will be copied to a secondaryrecording medium also in the encrypted state as it is.

[0011] It is needless to say that a reproduction apparatus provided forsuch a secondary recording medium has a decryption function allowingcontent data copied to the secondary recording medium in an encryptedstate to be reproduced.

[0012] In a secondary recording medium conforming to the SDMI standard,a recording format includes an area for recording a content ID used asan identifier for identifying each piece of content data.

[0013] A content ID is generated for each piece of content data storedin the primary recording medium such as an HDD employed in an apparatusfor the primary recording medium and is stored along with the piece ofcontent data. When content data is copied to a secondary recordingmedium, a content ID identifying the content data is also stored in thesecondary recording medium.

[0014] Content IDs are used for managing content rights in primary andsecondary recording mediums. A content right of a content in a primaryrecording medium is a right to transfer the content from the primaryrecording medium to a secondary recording medium in an operation to copythe content to the secondary recording medium. On the other hand, acontent right of a content in a secondary recording medium is a right toreproduce the content from the secondary recording medium.

[0015] It is to be noted that, in the following description, a transferof content data (a transfer of a right) from a primary recording mediumto a secondary recording medium is referred to as a check-out. On theother hand, a transfer of content data (in actuality, a transfer of aright only) from a secondary recording medium to a primary recordingmedium is referred to as a check-in.

[0016] In accordance with the SDMI standard, transfer usage rules areestablished for check-outs and check-ins.

[0017] For example, for a piece of content data, only up to threecheck-outs from a primary recording medium to a secondary recordingmedium are allowed. Thus, a transfer right allows the piece of contentdata to be transferred up to three times.

[0018] In a check-out, a right is also transferred from a primaryrecording medium to a secondary recording medium. Thus, the transferright in the primary recording medium now allows the piece of data to betransferred only up to two times. On the other hand, a reproductionright is given to the secondary recording medium.

[0019] In a check-in, on the other hand, a right is returned from asecondary recording medium to a primary recording medium. Thus, thesecondary recording medium loses a reproduction right while onetransferred right is restored to the primary recording medium.

[0020] Such check-outs and such check-ins are managed for each piece ofcontent data by using a content ID for identifying the piece of contentdata.

[0021] In addition, in a check-out, a piece of content data and acontent ID for identifying the piece of content data are recorded onto asecondary recording medium. The secondary recording medium is given areproduction right to reproduce the piece of content data. On the otherhand, the primary recording medium is considered to have transferred onecontent ID and lost one transfer right in accordance with the usagerules.

[0022] In a check-in, on the other hand, no content data is actuallyreturned. Instead, the content data is merely erased from the secondaryrecording medium, and the content ID is returned to the primaryrecording medium to increment the number of transfer rights prescribedby the usage rules by one. The secondary recording medium loses thereproduction right to reproduce the content data.

[0023] As described above, content data is copied to a secondaryrecording medium conforming to the SDMI standard in an encrypted stateto be stored into the recording medium also in an encrypted state, andcontent rights are managed in the event of a check-out or a check-in inorder to prevent content data to be copied an unlimited number of timesand to protect copyrights as well as to assure the private-copy right ofthe user at the same time.

[0024] It is to be noted that content data downloaded from typically anexternal server to an HDD serving as a primary recording medium isstored in the HDD in a state of being encrypted by using a content keyCK.

[0025] In this specification, content data stored in the HDD is assumedto have been obtained as a result of compressing original content databy adoption of an ATRAC3 technique or another compression technique andencrypting the compressed data A3D by using the content key CK. In thisspecification, notation E (x, y) denotes encrypted data obtained as aresult of encrypting data y by using a key x.

[0026] On the other hand, notation D {x, E (x, y)} denoted decrypteddata obtained as a result of decrypting encrypted data E (x, y) by usingthe key x.

[0027] Thus, the content data obtained as a result of compressingoriginal content data and encrypting the compressed data A3D by usingthe content key CK can be expressed by notation:

[0028] E (CK, A3D)

[0029] On the other hand, decrypted data obtained as a result of thedecrypting encrypted data E (CK, A3D) by using the key CK is expressedby notation:

[0030] D {CK, E (CK, A3D)}

[0031] In addition to the encrypted content data E (CK, A3D), the HDDserving as the primary recording medium is also used for storing E (KR,CK), which is the content key CK in a state of being encrypted by usinga root key KR. Thus, in the case of encrypted content data E (CK, A3D)downloaded from an external server, for example, the encrypted contentkey E (KR, CK) is also downloaded from the server.

[0032] In this case, in a check-out of the encrypted content data E (CK,A3D) to a secondary recording medium, the encrypted content data E (CK,A3D) and the encrypted content key E (KR, CK) need to be transferredfrom the HDD serving as the primary recording medium to the secondaryrecording medium.

[0033] The apparatus for the secondary recording medium holds the rootkey KR for decrypting the encrypted content key E (KR, CK) to producethe original content key CK. The content CK is then used for decryptingthe encrypted content data E (CK, A3D) to produce the original contentdata A3D.

[0034] In accordance to the will of the copyright owner or for a varietyof reasons, however, the root key KR can be changed. That is to say, aroot key KR can be set for each piece of content data. In addition,there is provided a function for imposing restrictions on targets ofcontent distribution by processing of the root key KR. This functionwill be described later concretely.

[0035] Thus, in some cases, data called an EKB (Enabling Key Block) isdistributed. In addition, in some cases, a regular terminal forreceiving transferred content data adopts a technique for confirming aroot key by using an EKB. That is to say, an EKB is distributed from aserver to be stored in an HDD along with encrypted content data and anencrypted content key.

[0036] Consider a case in which a mini disc (or a magneto-optical disc),which has been becoming very popular, is used as a secondary recordingmedium in a mini-disc recording apparatus conforming to the SDMIstandard. In this case, encrypted content data E (CK, A3D) transferredto the mini disc in a check-out is stored in the mini disc in anencrypted state as it is.

[0037] Then, in a reproduction operation, the mini-disc recordingapparatus conforming to the SDMI standard decrypts the encrypted contentdata E (CK, A3D) to produce the content data-D {CK, E (CK, A3D)}=A3D,which is the content data compressed by adoption of the ATRAC3compression technique. Then, the mini-disc recording apparatus carriesout a predetermined decoding process on the compressed content data A3Dto output reproduced data such as music.

[0038] In a mini disc used in an ordinary mini-disc system, which hasbeen becoming popular too, on the other hand, data is stored not in anencrypted state. Thus, as a mini-disc reproduction apparatus, themini-disc system naturally does not have a decryption function.

[0039] As a result, content data recorded in a mini disc by themini-disc recording apparatus conforming to the SDMI standard cannot bereproduced by most of mini-disc players, which do not conform to theSDMI standard. That is to say, the content data recorded in a mini discby the mini-disc recording apparatus conforming to the SDMI standard isnot reproduction-compatible with the mini-disc players.

[0040] This means that correct use of an SDMI content purchased by thegeneral user is limited and the value of the service to provide an SDMIcontent to the ordinary user as well as the level of user satisfactionwith the service are hence reduced considerably.

[0041] In order to solve the problem described above, in a recordingoperation to copy an SDMI content to a secondary recording medium suchas a mini disc mounted on a mini-disc recording apparatus not conformingto the SDMI standard, the SDMI content is decrypted so that the contentcan be stored in the mini disc in an unencrypted state as it is.

[0042] If such a copy operation can be carried out, however, it ispossible to copy content data with ease. Such a copy operation alsoleaves room for possible illegal copies, resulting in a fear ofimpossibility to implement copyright protection, which is the originalobjective of the SDMI standard.

[0043] In order to solve the problem described above, as a method oftransferring content data, the applicant of a patent for the presentinvention has proposed a content transfer technique described asfollows.

[0044] In an operation to transfer content data, a data transferapparatus serving as a primary-recording-medium apparatus authenticatesa data-recording apparatus used as a secondary-recording-mediumapparatus to serve as a transfer destination. If the result of theauthentication is OK, the transfer of the content data is allowed on thecondition that the content provider (such as the copyright owner)approves the transfer. Then, the content data is transmitted in anencrypted state through a transmission line and the encrypted contentdata is decrypted before being stored in a secondary recording medium.In addition, rights are managed for check-outs and check-ins.

[0045] In this way, since an operation to copy and record content datain an unencrypted state is permitted, more convenience is offered to theuser without losing the function to protect a copyright.

[0046] By adoption of such a technique in a system including a personalcomputer used as the data transfer apparatus and a mini-disc recorderused as a data-recording apparatus, a transfer of a content from aprimary recording medium implemented by an HDD employed in the personalcomputer to a secondary recording medium implemented by a mini discmounted on the mini-disc recorder is actually well suitable for both thecontent provider and the user.

[0047] By using a medium such as a mini disc, which has been becomingpopular in general, as the destination of a check-out described above,the usefulness of the mini disc in practical use is increased. However,there are cases in which the data transfer apparatus such as a personalcomputer may not be capable of recognizing the condition or otherattributes of a medium adopting its own unique data management method.An example of the medium adopting its own unique data management methodis a mini disc.

[0048] For instance, content data recorded in a memory card given as anexample of a medium conforming to the SDMI standard is managed by usinga FAT so that the memory card is well compatible with a personalcomputer. That is to say, the personal computer serving as a datatransfer apparatus is capable of obtaining information on the state ofthe memory card connected as a removable medium used as a destination ina check-out by merely reading out a FAT from the card. The state of thememory card typically includes the storage capacity of the card and thenumber of contents recorded on the card.

[0049] Thus, when it is desired to transfer out certain content data tothe memory card in a check-out, it is possible to form a judgment as towhether or not the content data can be transferred out to the memorycard on the basis of the storage capacity of the card and otherinformation.

[0050] In the case of a medium developed as a medium adopting its ownunique data management method for typically audio-data applications asis the case with a mini disc, however, the personal computer is notcapable of directly obtaining information on the state of the medium sothat the judgment cannot be formed in a check-out or other operations.

[0051] Thus, when the use of a mini disc or another medium as asecondary recording medium at the destination of a check-out is assumed,the personal computer serving as a data transfer apparatus is requiredto have a method allowing the state of the mini disc or the other mediumto be recognized.

DISCLOSURE OF INVENTION

[0052] It is thus an object of the present invention addressing theproblems described above to provide a data transfer apparatus with acapability of properly recognizing a state of a secondary recordingmedium for recording content data in an unencrypted state prior to atransfer of content data in an unencrypted state between a primaryrecording medium employed in the data transfer apparatus and thesecondary recording medium.

[0053] In order to achieve the object described above, present inventionprovides a data transfer system including the data transfer apparatusand a data-recording apparatus, on which the secondary recording mediumis mounted.

[0054] The data transfer apparatus provided by the present inventionincludes primary-recording-medium drive means for recording andreproducing data onto and from a primary recording medium, storagecontrol means for controlling the primary-recording-medium drive meansto store content data onto the primary recording medium in an encryptedstate, communication means for carrying out a variety of datacommunications including a transfer of content data between the datatransfer apparatus and an external data-recording apparatus forrecording and reproducing data onto and from a secondary recordingmedium command-transmission control means for controlling thecommunication means to transmit a command making a request forinformation on the secondary recording medium to the data-recordingapparatus, and information acquisition means for obtaining theinformation on the secondary recording medium transmitted by thedata-recording apparatus.

[0055] The data transfer apparatus forms a judgment as to whether or notcontent data stored in the primary recording medium is to be transferredto the data-recording apparatus on the basis of the information on thesecondary recording medium obtained by the information acquisitionmeans.

[0056] The data-recording apparatus provided by the present inventionincludes communication means for carrying out a variety of datacommunications with an external data transfer apparatus, which includereception of content data from the data transfer apparatus,secondary-recording-medium drive means for recording and reproducingdata onto and from a secondary recording medium, decryption means fordecrypting encrypted content data received from the data transferapparatus into content data in an unencrypted state, recording controlmeans for controlling the secondary-recording-medium drive means tostore the encrypted content data decrypted by the decryption means ontothe secondary recording medium in an unencrypted state, andcommand-transmission control means for controlling the communicationmeans to transmit information on the secondary recording medium, whichis information requested by the data transfer apparatus, to the datatransfer apparatus in accordance with a command received from thedata-recording apparatus making a request for the information.

[0057] In addition, the present invention provides a data transferapparatus having a primary recording medium for storing encryptedcontent data with a data transfer method to be implemented when the datatransfer apparatus is connected to a data-recording apparatus capable ofrecording and reproducing the content data onto and from a secondaryrecording medium in an unencrypted state to make the data transferapparatus and the data-recording apparatus capable of communicating witheach other in order to execute a confirmation procedure for confirmingthat the secondary recording medium has been mounted on thedata-recording apparatus, an information acquisition procedure foracquiring information on the secondary recording medium mounted on thedata-recording apparatus, an authentication procedure for authenticatingvalidity of the data-recording apparatus as an apparatus to serve as adestination of a transfer of content data stored in the primaryrecording medium, a judgment procedure for forming a judgment as towhether or not processing is to be carried out to transfer the contentdata stored in the primary recording medium to the data-recordingapparatus on the basis of the information acquired by the informationacquisition procedure, and a transfer procedure for transferring thecontent data in accordance with a result of the judgment formed by thejudgment procedure.

[0058] In the data transfer system, the data transfer apparatus, thedata-recording apparatus and the data transfer method, the informationon a secondary recording medium includes information indicating whetheror not the secondary recording medium has been mounted on thedata-recording apparatus, information on the name of the secondaryrecording medium mounted on the data-recording apparatus, information onthe names of pieces of content data stored in the secondary recordingmedium mounted on the data-recording apparatus, information on thestorage capacity of the secondary recording medium mounted on thedata-recording apparatus, information on the number of pieces of contentdata stored in the secondary recording medium mounted on thedata-recording apparatus and information on attributes of pieces ofcontent data stored in the secondary recording medium mounted on thedata-recording apparatus.

[0059] In accordance with the present invention described above, priorto a check-out of content data from the data transfer apparatus to thedata-recording apparatus, the data transfer apparatus is capable ofacquiring information on a secondary recording medium used as thedestination of the check-out. To be more specific, the data transferapparatus is capable of obtaining information on the secondary recordingmedium such as a mini disc, which is information on the secondaryrecording medium's name, storage capacity, track count (content count),track names and attributes. Thus, the data transfer apparatus is capableof forming a proper judgment as to whether or not the check-out is to beaccomplished on the basis of the condition of the secondary recordingmedium.

BRIEF DESCRIPTION OF DRAWINGS

[0060]FIG. 1 is an explanatory diagram showing a tree structure of anencryption technique adopted by an embodiment of the present invention;

[0061]FIGS. 2A and 2B are each an explanatory diagram showing an EKB ofthe encryption technique adopted by the embodiment;

[0062]FIG. 3 is an explanatory diagram showing the structure of the EKBof the encryption technique adopted by the embodiment;

[0063]FIG. 4 is a block diagram showing the structure of a data transfersystem implemented by the embodiment;

[0064]FIG. 5 is an explanatory diagram showing typical data paths of anSDMI content according to the embodiment;

[0065]FIG. 6 is a block diagram showing a primary-recording-mediumapparatus provided by the embodiment;

[0066]FIG. 7 is a block diagram showing a secondary-recording-mediumapparatus provided by the embodiment;

[0067]FIG. 8 is an explanatory diagram showing a cluster format of amini-disc system;

[0068]FIG. 9 is an explanatory diagram showing an area structure of amini disc;

[0069]FIG. 10 is an explanatory diagram showing U-TOC (user table ofcontents) sector 0 of a mini-disc system;

[0070]FIG. 11 is an explanatory diagram showing linking in U-TOC sector0 of a mini-disc system;

[0071]FIG. 12 is an explanatory diagram showing U-TOC sector 1 of amini-disc system;

[0072]FIG. 13 shows a flowchart representing an authentication processaccording to the embodiment;

[0073]FIG. 14 is an explanatory diagram showing distributed content datato be transferred and a process to encrypt the data;

[0074]FIGS. 15A and 15B are explanatory diagrams showing a typicalencryption technique adopted by the embodiment and DNKs (device nodekeys) used in the technique;

[0075]FIG. 16 is an explanatory diagram showing a procedure adopted bythe embodiment to decrypt content data;

[0076]FIG. 17 shows a flowchart representing check-out operationscarried out by the embodiment;

[0077]FIG. 18 shows a continuation flowchart representing check-outoperations carried out by the embodiment;

[0078]FIG. 19 is an explanatory diagram showing a record-object controlcommand used in the embodiment;

[0079]FIG. 20 is an explanatory diagram showing a record-object responsecommand used in the embodiment;

[0080]FIG. 21 is an explanatory diagram showing a check-out controlcommand used in the embodiment;

[0081]FIG. 22 is an explanatory diagram showing a check-out responsecommand used in the embodiment;

[0082]FIG. 23 shows a flowchart representing check-in operations carriedout by the embodiment;

[0083]FIG. 24 is an explanatory diagram showing a check-in controlcommand used in the embodiment;

[0084]FIG. 25 is an explanatory diagram showing sub-functions of thecheck-in control command used in the embodiment;

[0085]FIG. 26 is an explanatory diagram showing a check-in responsecommand used in the embodiment;

[0086]FIG. 27 is an explanatory diagram showing generation of a contentID in the embodiment;

[0087]FIG. 28 shows a table associating content IDs in the embodiment;

[0088]FIG. 29 shows a flowchart representing operations carried out bythe embodiment to acquire medium information;

[0089]FIG. 30 shows a continuation flowchart representing operationscarried out by the embodiment to acquire medium information;

[0090]FIG. 31 is an explanatory diagram showing an inclusive log-incontrol command used in the embodiment;

[0091]FIG. 32 is an explanatory diagram showing an inclusive log-outcontrol command used in the embodiment;

[0092]FIG. 33 is an explanatory diagram showing a get-disc-statuscontrol command used in the embodiment;

[0093]FIG. 34 is an explanatory diagram showing a get-disc-statusresponse command used in the embodiment;

[0094]FIG. 35 is an explanatory diagram showing a get-disc-name controlcommand used in the embodiment;

[0095]FIG. 36 is an explanatory diagram showing a get-disc-name responsecommand used in the embodiment;

[0096]FIG. 37 is an explanatory diagram showing a get-disc-capacityinformation control command used in the embodiment;

[0097]FIG. 38 is an explanatory diagram showing a get-disc-capacityinformation response command used in the embodiment;

[0098]FIG. 39 is an explanatory diagram showing a get-disc-capacityinformation response command used in the embodiment;

[0099]FIG. 40 is an explanatory diagram showing a get-audio-track-countcontrol command used in the embodiment;

[0100]FIG. 41 is an explanatory diagram showing a get-audio-track-countresponse command used in the embodiment;

[0101]FIG. 42 is an explanatory diagram showing a get-audio-track-namescontrol command used in the embodiment;

[0102]FIG. 43 is an explanatory diagram showing a get-audio-track-namesresponse command used in the embodiment;

[0103]FIG. 44 is an explanatory diagram showing aread-info-block-for-track-attributes control command;

[0104]FIG. 45 is an explanatory diagram showing aread-info-block-for-track-attributes response command;

[0105]FIG. 46 is an explanatory diagram showing aread-info-block-for-track-mode control command;

[0106]FIG. 47 is an explanatory diagram showing aread-info-block-for-track-mode response command;

[0107]FIG. 48 is an explanatory diagram showing aread-info-block-for-track-size control command; and

[0108]FIG. 49 is an explanatory diagram showing aread-info-block-for-track-size response command.

BEST MODE FOR CARRYING OUT THE INVENTION

[0109] A preferred embodiment of the present invention is explained inparagraphs arranged in the following order.

[0110] 1. Tree Structure of Encryption Keys and EKB

[0111] 2. System Configuration

[0112] 3. Data Paths of SDMI Contents

[0113] 4. Typical Configuration of Data Transfer Apparatus(Primary-Recording-Medium Apparatus or PC)

[0114] 5. Typical Configuration of Data-Recording Apparatus(Secondary-Recording-Medium Apparatus or Recording/ReproductionApparatus)

[0115] 6. Management Technique of Mini Disc

[0116] 7. Authentication Process

[0117] 8. Content Encryption Technique

[0118] 9. Content Check-Outs/Check-Ins

[0119] 10. Generation and Management Technique of Content IDs

[0120] 11. Acquisition of Medium Information

[0121] 1. Tree Structure of Encryption Keys and EKB

[0122] First of all, before the transfer system implemented by anembodiment of the present invention is explained concretely, anorganization of encryption keys used in distribution of contents isdescribed.

[0123] To begin with, the following description explains anencryption-key ownership scheme for devices and a data distributionscheme, which are adopted when encrypted data is distributed from acontent distributor to the devices each serving as a content recipient,by referring to FIGS. 1, 2A, 2B and 3.

[0124]FIG. 1 is an explanatory diagram showing a tree structure ofencryption keys. Reference notations DV0 to DV15 at the bottom layer ofthe hierarchical tree structure shown in FIG. 1 each denote a device onthe content-recipient side. Thus, each leaf of the hierarchical treestructure corresponds to such a device.

[0125] Each of the devices DV0 to DV15 is given a set of keys at amanufacturing time, at a shipping time or thereafter. Stored in a memoryemployed in each of the devices, the set of keys given to a deviceincludes a leaf key assigned to a leaf representing the device in thehierarchical tree structure shown in FIG. 1 and node keys each assignedto a node between the leaf and the root in the hierarchical treestructure. Keys included in this key set are referred to as DNKs (DeviceNode Keys), examples of which are explained as follows.

[0126] K0000 to K1111 at the bottom layer of the hierarchical treestructure shown in FIG. 1 are leaf keys given to the devices DV0 to DV15respectively. KR is the root key assigned to the root on the top of thehierarchical tree structure. K000 to K111 are node keys assigned tonodes on a second hierarchical layer from the bottom layer. In thefollowing description, the node keys may mean node keys including rootkey KR assigned to the root.

[0127] In the hierarchical tree structure shown in FIG. 1, DNKs given todevice DV0 include a leaf key K0000, node keys K000, K00 and K0 as wellas a root key KR. The node keys K000, K00 and K0 and the root key KR,which are included in the DNKs, are each held by device DV0 in a stateof being encrypted by using the leaf key K0000.

[0128] By the same token, DNKs given to device DV5 include a leaf keyK0101, node keys K010, K01 and K0 as well as the root key KR. In thesame way, DNKs given to device DV15 include a leaf key K1111, node keysK111, K11 and K1 and the root key KR.

[0129] It is to be noted that, while only 16 devices DV0 to DV15 areshown in the tree structure shown in FIG. 1 and the tree structure isdesigned as a balanced right-left symmetrical structure having 4hierarchical layers, the tree structure may include more devices and hasa configuration with a layer count varying from portion to portion.

[0130] In addition, a variety of information-processing apparatusincluded in the tree structure shown in FIG. 1 have a variety ofrecording mediums. The information-processing apparatus are devices of avariety of types. The devices have recording mediums such as a DVD, aCD, an MD and a flash memory, which are either embedded in the devicesor can be mounted on and dismounted from the devices with a high degreeof freedom. In addition, a variety of application services may berendered for the information-processing apparatus. The tree structureshown in FIG. 1 is used for distributing contents and keys to thedevices carrying out a variety of applications.

[0131] In a system wherein these various information-processingapparatus (or devices) and application exist, let a group be set toinclude devices DV0, DV1, DV2 and DV3 using the same recording medium.In the tree structure shown in FIG. 1, the device group is enclosed by adashed line. Assume for example that, for all the devices, a contentprovider encrypts a content to be transmitted to the devices pertainingto the group enclosed by the dashed line to be used as a content commonto the devices. In this case, the content provider also transmitscontents keys to the devices to be used by the devices as keys common tothe devices. Other processing in the system includes transmission ofencrypted payment data of content fees from the devices to the contentprovider, a financial settlement institution or another enterprise. Theenterprise such as the content provider or the financial settlementinstitution carries out processing to transmit collectively data to thedevices enclosed by the dashed line, namely, DV0, DV1, DV2 and DV3. Theenterprise exchanges data with the devices, which form theaforementioned group. A plurality of such groups exists in the treestructure shown in FIG. 1. The enterprise such as the content provideror the financial settlement institution, which exchanges data with thedevices, functions as message-data distribution means.

[0132] It is to be noted that that node keys and leaf keys can also bemanaged by a single key management center in an integrated manner. As analternative, the keys can also be managed by the message-datadistribution means, which exchanges various kinds of data with groupscited above, in group units. As mentioned above, the message-datadistribution means is an enterprise such as a content provider or afinancial settlement institution. A node key and/or a leaf key arerenewed when one of them has been leaked. Processing to renew keys iscarried out by a key management center, a provider, a financialsettlement institution or another enterprise.

[0133] As is obvious from FIG. 1, in this tee structure, the 4 devices,namely, DV0, DV1, DV2 and DV3, which are included in the group, havecommon keys: node keys K00 and K0 and the root key KR. By assigningthese node and root keys to the devices DV0, DV1, DV2 and DV3 in thegroup as keys common to the devices, a common content can be provided toonly the devices.

[0134] By setting the shared node key K00 itself as a content key, forexample, a content key common to the devices DV0, DV1, DV2 and DV3 canbe set for only the devices without transmitting a new key. As analternative, a new content key CK is encrypted by using the node key K00to produce an encrypted key E (K00, CK), which is then distributed tothe devices DV0, DV1, DV2 and DV3 by way of a network, or by using arecording medium for recording the encrypted key and supplying themedium to the devices. In this way, only the devices DV0, DV1, DV2 andDV3 are capable of decrypting the encrypted key E (K00, CK) by using thenode key K00 shared thereby as a common key to produce the content keyCK.

[0135] Assume that it is discovered at a time t that keys K0011, K00,K00, K0 and KR, which are owned by the device DV3, have been analyzed bya hacker and hence exposed to the hacker. In this case, it is necessaryto detach the device DV3 from the system or, specifically, the groupincluding the devices DV0, DV1, DV2 and DV3, in order to protect dataexchanged with the system thereafter.

[0136] In addition, it is also necessary to renew the keys K001, K00, K0and KR to keys K(t)001, K(t)00, K(t)0 and K(t)R respectively and totransmit the renewed keys K(t)001, K(t)00, K(t)0 and K(t)R to thedevices DV0, DV1 and DV2. It is to be noted that notation K(t)aaadenotes a key Kaaa's renewed key of a t generation.

[0137] It is needless to say that, in a distribution of a content, nodekeys and the root key KR may also be renewed in some cases for a varietyof reasons including a desire of the copyright owner and a state oftransmission to the system.

[0138] Thus, when a key is renewed, it is necessary to transmit therenewed key to regular devices owning the pre-renew key.

[0139] Next, processing to distribute renewed keys is explained. Updatedkeys are organized and transmitted by using a table like one shown inFIG. 2A. The table is transmitted to a device by way of a network, or bystoring the table in a recording medium and providing the medium to thedevice. The table contains a block data called an EKB (Enabling KeyBlock). If the device DV3 is detached from the system as describedabove, for example, the EKB is supplied to the devices DV0, DV1 and DV2.

[0140] It is to be noted that the EKB contains encrypted keys obtainedas results of encrypting new keys to be distributed to some devices atleaves of a tree structure like the one shown in FIG. 1. The EKB is alsoreferred to as a KRB (Key Renewal Block).

[0141] The block data of the EKB shown in FIG. 2A includes encryptedrenewed node keys that can be decrypted by devices needing the renewednode keys. The typical EKBs shown in FIGS. 2A and 2B are each block datacreated for the purpose of distributing renewed node keys of the tgeneration to the devices DV0, DV1 and DV2 in the tree structure shownin FIG. 1.

[0142] Assume that the keys K001, K001, K00, K0 and KR have beenillegally exposed to unauthorized person. In this case, the devices DV0and DV1 require renewed keys K(t)00, K(t)0 and K(t)R whereas the deviceDV2 requires renewed keys K(t)001, KT00, K(t)0 and K(t)R.

[0143] As shown in FIG. 2A, the EKB includes a plurality of encryptedrenewed keys. An encrypted renewed key at the bottom of the EKB is E(K0010, K(t)001), which is a result of encrypting a renewed key K(t)001by using the leaf key K0010 owned by the device DV2. Thus, the deviceDV2 is capable of decrypting the encrypted renewed key E (K0010, K(t)01)by using the leaf key owned by the device itself to get the renewed nodekey K(t)001.

[0144] In addition, an encrypted renewed key E (K(t)001, K(t)00) on thesecond line from the bottom of the EKB shown in FIG. 2A can be decryptedby using the renewed node key K(t)001 to get a renewed node key K(t)00.Then, an encrypted renewed key E (K(t)00, K(t)0) on the second line fromthe top of the EKB can be decrypted by using the renewed node key K(t)00to get a renewed node key K(t)0. Finally, an encrypted renewed key E(K(t)0, K(t)R) on the top line of the EKB can be decrypted by using therenewed node key K(t)0 to get a renewed root key K(t)R.

[0145] As for the devices DV0 and DV1, the leaf keys K0000 and K0001 aswell as the node key K000 are not renewed. Thus, only the renewed keysK(t)00, K(t)0 and K(t)R are needed.

[0146] Therefore, in the case of the devices DV0 and DV1, an encryptedrenewed key E (K(t)000, K(t)00) on the third line from the top of theEKB shown in FIG. 2A can be decrypted by using the renewed node keyK(t)000 to get a renewed node key K(t)00. Then, an encrypted renewed keyE (K(t)00, K(t)0) on the second line from the top of the EKB can bedecrypted by using the renewed node key K(t)00 to get a renewed node keyK(t)0. Finally, an encrypted renewed key E (K(t)0, K(t)R) on the topline of the EKB can be decrypted by using the renewed node key K(t)0 toget a renewed root key K(t)R.

[0147] As described above, the devices DV0, DV1 and DV2 are capable ofobtaining the renewed root key K(t)R. It is to be noted that indexesincluded in the EKB shown in FIG. 2A are each an absolute address of aleaf or node key used as a decryption key for decrypting an encryptedkey on the same line as the index.

[0148] As another example, assume that the renewed root key K(t)R andthe renewed node key K(t)0 on the high hierarchical layer of the treestructure shown in FIG. 1 are not required, and only the node key K00needs to be renewed. In this case, the EKB shown in FIG. 2B can be usedfor distributing a renewed node key K(t)00 to the devices DV0, DV1 andDV2.

[0149] The EKB shown in FIG. 2B can be used typically for distributing anew content key common to devices pertaining to a specific group.

[0150] To put it concretely, the devices DV0, DV1, DV2 and DV3pertaining to the group enclosed by the dashed line in FIG. 1 share arecording medium and need a new common content key CK (t). In this case,encrypted data E (K (t)00, CK (t)) and the EKB shown in FIG. 2B aretransmitted to the devices DV0, DV1, DV2 and DV3. The encrypted data E(K (t)00, CK (t)) is a result of encrypting the new common content keyCK (t) by using a renewed node key K(t)00, which is a result of renewingthe node key K00 common to the devices DV0, DV1, DV2 and DV3.

[0151] By distributing only the encrypted data E (K (t)00, CK (t)) andthe EKB, no data can be decrypted by other devices such as the deviceDV4 pertaining to other groups.

[0152] The devices DV0, DV1 and DV2 process the EKB shown in FIG. 2B inthe same way as the processing of the EKB shown in FIG. 2A to get therenewed node key K (t)00 which is used for decrypting the encrypted dataE (K (t)00, CK (t)) to obtain the new common content key CK (t) of the tgeneration.

[0153] As described above, keys are organized to form a tree structure,and keys are renewed to be distributed to devices by using EKBs like theones described above.

[0154] By using such a key organization, the root key KR and node keyscan be renewed with ease for a variety of reasons and a content in anormal state can be distributed in a flexible manner.

[0155]FIG. 3 is a diagram showing a typical format of an EKB. The numberof node keys has a length of 4 bytes. A node-key depth also has a sizeof 4 bytes. The node-key depth is the number of hierarchical layers inthe hierarchical tree for a device serving as a destination of thedistribution of the EKB.

[0156] An EKB version also has a size of 4 bytes. It is to be noted thatan EKB version has a function identifying a most recent EKB and afunction indicating a relation with a content. A reserved field is anavailable area.

[0157] A field starting from an offset of 16 bytes is a field forstoring the EKB's actual data having a size of 16 Mbyte. The actual datais an encrypted node key or a plurality of encrypted node keys. Theseencrypted node keys are the encrypted keys explained earlier byreferring to FIGS. 2A and 2B.

[0158] In addition, the format includes an encrypted EKB version and anelectronic signature. The electronic signature is put by an EKB-issuingoffice issuing the EKB. Examples of the EKB-issuing office are a keymanagement center, a content provider and a financial settlementinstitution. A device receiving an EKB verifies that the EKB-issuingoffice issuing the EKB is valid by authentication of the signature.

[0159] 2. System Configuration

[0160] The following description explains an embodiment according to thepresent invention adopting the key organization described above.

[0161]FIG. 4 is a diagram showing a typical system configuration. Aprimary-recording-medium apparatus 1 corresponds to the data transferapparatus provided by the present invention. On the other hand, asecondary-recording-medium apparatus 20A corresponds to thedata-recording apparatus provided by the present invention. Theprimary-recording-medium apparatus 1 and the secondary-recording-mediumapparatus 20A form a data transfer system.

[0162] The primary-recording-medium apparatus 1 is implemented bytypically a personal computer. For the sake of convenience, in thefollowing explanation, by a personal computer, theprimary-recording-medium apparatus 1 is meant. However, theprimary-recording-medium apparatus 1 is not necessarily a personalcomputer.

[0163] In order to carry out operations of the data transfer apparatusprovided by the present invention, the personal computer functioning asthe primary-recording-medium apparatus 1 executes software forimplementing accumulation and transfers of SDMI content data, which areinitiated in the personal computer 1.

[0164] An HDD 5 embedded in or externally added to the personal computer1 serves as the primary recording medium (and primary-recording-mediumdrive means). It is to be noted that, while the HDD 5 is used as theprimary recording medium in the explanation of the embodiment, arecording medium functioning as the primary recording medium is notnecessarily an HDD. The primary recording medium can be one of a varietyof conceivable recording mediums such as an optical disc, amagneto-optical disc, a semiconductor memory embedded in theprimary-recording-medium apparatus 1 and a portable semiconductor memorysuch as a memory card.

[0165] The primary-recording-medium apparatus 1 is capable ofcommunicating with a content server 91 through a communication network110. Content data such as music can be downloaded from the contentserver 91 to the primary-recording-medium apparatus 1. It is needless tosay that a plurality of content servers 91 may be connected to thecommunication network 110. The user of the primary-recording-mediumapparatus 1 can receive a service to download various kinds of data fromany arbitrary one of the content servers 91.

[0166] Content data downloaded from the content server 91 to thepersonal computer 1 can be content data conforming to the SDMI standardor content data not conforming to the SDMI standard.

[0167] A transmission line forming the communication network 110 is awire or radio public communication line. As an alternative, atransmission line forming the communication network 110 can be adedicated line connecting the personal computer 1 to the content server91. To put it concretely, the communication network 110 can be theInternet, a satellite communication network, an optical fiber network orany other communication line.

[0168] The HDD 5 of the personal computer 1 can be an embedded orexternally connected disc drive for driving a package medium 90 such asa CD-DA or a DVD, from which content data such as music is reproduced.In the following description, the package medium 90 is also referred toas a disc 90 or a removable recording medium 90.

[0169] The personal computer 1 is connected to asecondary-recording-medium apparatus 20A or 20B, to which content datastored in the HDD 5 can be transferred. The secondary-recording-mediumapparatus 20A or 20B is a recording apparatus or arecording/reproduction apparatus for recording data onto a secondaryrecording medium. Thus, content data received from the personal computer1 can be recorded onto the secondary recording medium in a copyoperation.

[0170] There are a variety of conceivable examples of thesecondary-recording-medium apparatus 20A or 20B. In the followingdescription, however, the secondary-recording-medium apparatus 20B is arecording apparatus conforming to the SDMI standard.

[0171] In the secondary-recording-medium apparatus 20B conforming to theSDMI standard, the secondary recording medium is assumed to be a memorycard conforming to the SDMI standard. Such a memory card employs asemiconductor memory such as a flash memory. Thus, thesecondary-recording-medium apparatus 20B is a recording/reproductionapparatus for recording and reproducing data onto and from a memory cardconforming to the SDMI standard. In this case, an SDMI content isrecorded on the secondary recording medium in an encrypted state.

[0172] There is created an information management format including acontent ID stored in the secondary recording medium conforming to theSDMI standard. The content ID is used as an identifier for identifyingan SDMI content. When content data is stored in the HDD 5 of thepersonal computer 1, a content ID is generated by an application for thecontent data and stored in the HDD 5 along with the content data. Inaddition, check-outs and check-ins are managed by using content IDs. Itis assumed that, when content data is recorded onto the secondaryrecording medium conforming to the SDMI standard, the content ID of thecontent data can also be recorded onto the secondary recording mediumalong with the content data.

[0173] On the other hand, the secondary-recording-medium apparatus 20Ais a data-recording apparatus not conforming to the SDMI standard.Details of the secondary-recording-medium apparatus 20A will bedescribed later. The secondary recording medium of thesecondary-recording-medium apparatus 20A is used for storing an SDMIcontent, which requires protection of its copyright, in an unencryptedstate. An example of this secondary-recording-medium apparatus is a minidisc. Thus, an example of the secondary-recording-medium apparatus 20Ais a mini-disc recording/reproduction apparatus. In the followingdescription, the secondary-recording-medium apparatus 20A is alsoreferred to simply as a recording/reproduction apparatus 20A in somecases.

[0174] In this case, in order not to lose a function to protect acopyright even if an SDMI content is recorded in an unencrypted state,successful authentication to be described later is taken as a conditionfor an operation to copy the SDMI content.

[0175] A secondary recording medium of the secondary-recording-mediumapparatus 20A is a conventional medium, which has been becoming popular.An example of the secondary recording medium is a mini disc. However,the secondary recording medium of the secondary-recording-mediumapparatus 20A does not include an area for storing a content ID. Forthis reason, a special management technique is adopted for content IDsas will be described later.

[0176] It is to be noted that a medium, which data is recorded onto andreproduced from by the secondary-recording-medium apparatus 20A, is notlimited to a mini disc. Other secondary recording mediums of thesecondary-recording-medium apparatus 20A conceivably include a memorycard employing a semiconductor memory such as a flash memory, a minidisc functioning as a magneto-optical disc, a CD-R (CD Recordable), aCD-RW (CD Rewritabe), a DVD-RAM, a DVD-R and a DVD-RW. Thus, thesecondary-recording-medium apparatus 20A can be any recording apparatusas long as the recording apparatus is capable of recording data onto anyone of these recording mediums.

[0177] The personal computer 1 is connected to thesecondary-recording-medium apparatus 20A or 20B by line conforming to atransmission standard such as the USB (Universal Serial Bus) orIEEE-1394 standard. It is needless to say that another kind oftransmission line can also be used as long as the other transmissionline is capable of transmitting content data or the like. Examples ofthe other transmission line are a wire transmission line and a radiotransmission line.

[0178] 3. Data Paths of SDMI Contents

[0179] Assume for example a system like one shown in FIG. 4. In thiscase, data paths prescribed by the SDMI standard are shown in FIG. 5.

[0180] It is to be noted that a musical content goes through the datapath in processing carried out by the personal computer 1, which isprovided with the HDD 5 as the primary recording medium, to store themusical content onto the HDD 5 or to transfer the content to an externalapparatus such as the secondary-recording-medium apparatus 20A or 20B.In other words, the data paths are implemented by software executed bythe personal computer 1 to carry out processing to store the musicalcontent onto the HDD 5 or to transfer the content to the externalapparatus.

[0181] Procedures and processing to store a musical content onto the HDD5 or to transfer the content to an external apparatus through the datapaths shown in FIG. 5 are denoted by reference notations DP1 to DP9. Inthe following description, reference notations DP1 to DP9 are used torefer to their respective procedures.

[0182] In a procedure DP1, content data distributed by the externalcontent server 91 to the personal computer 1 by way of the communicationnetwork 110 shown in FIG. 4 is examined to form a judgment as to whetheror not the data is a content requiring protection of its copyright inconformity with the SDMI standard. Content data distributed by theexternal content server 91 to the personal computer 1 by way of thecommunication network 110 is referred to as a network content.

[0183] A network content distributed by the external content server 91to the secondary-recording-medium apparatus 20A or 20B can be a contentconforming to the SDMI standard or a content having nothing to do withthe SDMI standard. A content conforming to the SDMI standard and acontent having nothing to do with the SDMI standard are referred to asan SDMI-conforming content and a non-SDMI content respectively.

[0184] An SDMI-conforming content has been encrypted by using a contentkey CK in a key encryption process such as a DES process. Typically, thepre-encryption data of an SDMI-conforming content is encoded data A3Dcompressed by using a compression technique such as ATRAC3. In thiscase, the encrypted SDMI-conforming content is expressed by referencenotation E (CK, A3D).

[0185] If the distributed network content is an SDMI-conforming content,the data path continues from the procedure DP1 to a procedure DP2, inwhich the network content is stored as an SDMI content in the HDD 5serving as the primary recording device.

[0186] In this case, the content data is written into the HDD 5 in thedistributed state E (CK, A3D) as it is. As an alternative, the contentdata is once decrypted before being encrypted again by using anothercontent key CK′ to generate encrypted data E (CK′, A3D) to be storedonto the HDD 5. That is to say, the content key is changed from CK toCK′.

[0187] If the distributed network content is a non-SDMI content, on theother hand, the data path continues from the procedure DP1 to aprocedure DP3, in which a watermark-check process is carried out. Thewatermark-check process is a screening process based on a watermark.

[0188] Also in the procedure DP3, a watermark-check process is carriedout on a disc content without executing the procedure DP1. A disccontent is a content read out from a package medium mounted on a driveembedded in the personal computer 1 or mounted on a disc drive connectedto the personal computer 1. An example of the embedded drive is a ROMdrive. Examples of the package medium include a CD-DA and a DVD.

[0189] That is to say, for a disc content, which is content data notconforming to the SDMI standard, a watermark-check process is carriedout.

[0190] If the disc content does not pass the watermark-check process,the data path continues from the procedure DP3 to a procedure DP5 inwhich the disc content is determined to be a content that cannot becopied in the data paths. A variety of conceivable concrete handlingscan be implemented through the design of software. For example, such adisc content is stored into the HDD 5 but treated like content data thatcannot be transferred for the purpose of copying or moving the data toanother medium. As an alternative conceivable handling, such a disccontent is not stored in the HDD 5 in the content processing conformingto the SDMI standard.

[0191] If the content passes the watermark-check process, that is, if anelectronic watermark exists and a copy control bit is confirmed toindicate that a copy operation is permitted, on the other hand, thecontent is determined to be content data that can be copied legally. Inthis case, the data path continues to a procedure DP4 to form a judgmentas to whether or not the content is to be handled in conformity with theSDMI standard. Whether or not a content is to be handled as dataconforming to the SDMI standard is dependent on the software design, auser setting or the like.

[0192] If the content is not to be handled in conformity with the SDMIstandard, the data path continues to a procedure DP6 in which thecontent is treated as a non-SDMI content and excluded from thecontent-data path conforming to the SDMI standard. For example, atransfer of the content to a recording apparatus not conforming to theSDMI standard is enabled.

[0193] If the content is to be handled in conformity with the SDMIstandard, on the other hand, the data path continues from the procedureDP4 to the procedure DP2 in which the content data is encrypted andstored into the HDD 5 as an SDMI content. To be more specific, thecontent data is stored into the HDD 5 typically in an E (CK, A3D) or E(CK′, A3D) state.

[0194] In accordance with the data paths described above, an SDMInetwork content or an SDMI disc content is stored into the HDD 5, whichis used as a primary recording medium. An SDMI network content is acontent, which is received from the communication network 110 and to behandled in conformity with the SDMI standard. On the other hand, an SDMIdisc content is a content, which is read out from a disc such as a CD-DAor another medium and to be handled in conformity with the SDMIstandard.

[0195] In addition, for an SDMI content, a content ID unique to the SDMIcontent is generated and stored into the HDD 5 along with the SDMIcontent. The content ID is used in management of usage rules, which isexecuted for each SDMI content as will be described later.

[0196] In accordance with a predetermined rule, an SDMI content storedin the HDD 5 is transferred to the recording/reproduction apparatus 20Bconforming to the SDMI standard so that the content can be copied to asecondary recording medium also conforming to the SDMI standard. Asdescribed above, an SDMI content can be an SDMI network content or anSDMI disc content. In addition, in the case of this embodiment, besidesthe recording/reproduction apparatus 20B conforming to the SDMIstandard, the SDMI content stored in the HDD 5 can also be transferredto the recording/reproduction apparatus 20A not conforming to the SDMIstandard under a predetermined condition.

[0197] First of all, assume that the personal computer 1 employing theHDD 5 is connected to the recording/reproduction apparatus 20Bconforming to the SDMI standard. In this case, an SDMI content stored inthe HDD 5 is transferred to the recording/reproduction apparatus 20B asfollows.

[0198] In the case of an SDMI disc content, a usage rule fortransferring the content is determined in advance. In a procedure DP8,the transfer of the SDMI disc content according to the usage rule to therecording/reproduction apparatus 20B conforming to the SDMI standard forthe purpose of copying the content to the recording/reproductionapparatus 20B is recognized.

[0199] It is to be noted that these data paths are paths of a check-outor an operation to transfer a content from the HDD 5 serving as aprimary recording medium to a secondary recording medium such as amemory card mounted on the recording/reproduction apparatus 20Bconforming to the SDMI standard or the recording/reproduction apparatus20A conforming to the SDMI standard to copy the content to be reproducedby the recording/reproduction apparatus 20B or 20A. An operationopposite to a check-out is a check-in, which is an operation to transferor move a content from the secondary recording medium back to theprimary recording medium. It is worth noting that, in such a moveoperation to transfer a content from the secondary recording medium backto the primary recording medium, the content data is erased from thesecondary recording medium.

[0200] As a usage rule of a transfer of an SDMI disc content, an upperlimit is imposed on the number of allowable check-outs. For example, upto three check-outs are permitted for a piece of content data. Thus, acontent can be copied to up to three secondary recording mediumsconforming to the SDMI standard in check-out operations. When a contentis moved back from a secondary recording medium to the primary recordingmedium in a check-in, the number of check-outs carried out so far forthe content data is decremented by 1. Thus, even after a content hasbeen copied to three secondary recording mediums conforming to the SDMIstandard, the content can be copied again to a secondary recordingmedium conforming to the SDMI standard provided that the content hasbeen moved from one of the three secondary recording mediums in acheck-in back to the primary recording medium. That is to say, contentdata is permitted to exist in up to three secondary recording mediumsconforming to the SDMI standard.

[0201] Also in the case of an SDMI network content, a usage rule fortransferring the content is determined in advance. In a procedure DP7,the transfer of the SDMI network content according to the usage rule tothe recording/reproduction apparatus 20B conforming to the SDMI standardfor the purpose of copying the content to the recording/reproductionapparatus 20B is recognized.

[0202] As a usage rule of a transfer of an SDMI network content, anupper limit is imposed on the number of allowable check-outs as is thecase with an SDMI disc content. The upper limit can be the same as ordifferent from the upper limit set for an SDMI disc content. Forexample, an upper limit of 1 imposed on the number of allowablecheck-outs is conceivable. In this case, each piece of content data canbe copied only to one secondary recording medium conforming to the SDMIstandard. If the content data is moved back from the secondary recordingmedium to the primary recording medium in a check-in, the content datacan be copied again to a secondary recording medium conforming to theSDMI standard.

[0203] An SDMI content copied in accordance with these usage rules froma primary recording medium to a secondary recording medium conforming tothe SDMI standard in a check-out is transferred through a transmissionline in an encrypted state. To be more specific, the SDMI content istransferred through a transmission line in an E (CK, A3D) or E (CK′,A3D) state.

[0204] Then, the SDMI content transferred in an encrypted state isreceived by the recording/reproduction apparatus 20B conforming to theSDMI standard to be copied to the secondary recording medium in theencrypted state as it is.

[0205] In an operation carried out by the recording/reproductionapparatus 20B conforming to the SDMI standard to reproduce the SDMIcontent copied and recorded to the secondary recording medium, thecontent is read out from the secondary recording medium and decrypted toreproduce the content. To put it in detail, the content data recorded inthe secondary recording medium in the E (CK, A3D) or E (CK′, A3D) stateis decrypted by using the content key CK or CK′ to generate respectivelya content D {.CK, E (CK, A3D)}=A3D or D {CK′, E (CK′, A3D)}=A3D, whichis the original unencrypted content data compressed by using the ATRAC3compression technique. The original unencrypted compressed content A3Dis subjected to processing such as a decompression process opposite tothe ATRAC3 compression process to carry out demodulation processing toproduce output audio data such as music.

[0206] As described above, a copyright for content data conforming tothe SDMI standard can be properly protected by the encrypted state ofthe content data along the data paths for a check-out of the contentdata to the recording/reproduction apparatus 20B conforming to the SDMIstandard and the encrypted state of the content data in the secondaryrecording medium as well as properly protected by copy managementexecuted by checking the usage rules set for content transfers.

[0207] If the recording/reproduction apparatus 20A is connected to thepersonal computer 1, on the other hand, the following processing iscarried out.

[0208] It is to be noted that, as described above, unlike therecording/reproduction apparatus 20B conforming to the SDMI standard,the recording/reproduction apparatus 20A records a content onto asecondary recording medium such as a mini disc in an unencrypted state.Since a content is recorded onto a mini disc in an unencrypted state,the content data copied to and recorded on the mini disc can be can bereproduced by an ordinary mini-disc reproduction apparatus, which hasbeen becoming popular in general so that more convenience can be offeredto the user.

[0209] Since a content is recorded onto a mini disc in an unencryptedstate, however, a problem is raised in the protection of the copyrightfor the content. In order to solve this problem, it is necessary tosatisfy predetermined conditions for transferring content data to therecording/reproduction apparatus 20A.

[0210] In order to transfer an SDMI network content to therecording/reproduction apparatus 20A and record the content onto asecondary recording medium in an unencrypted state in a copy operation,it is necessary to satisfy the following three transfer conditions forthe copy operation:

[0211] (1) The recording/reproduction apparatus 20A shall pass anauthentication process, giving an OK authentication result.

[0212] (2) The copyright owner shall recognize the copy operation totransfer the content data to the recording/reproduction apparatus 20Aand record the data onto the secondary recording medium.

[0213] (3) The transfer of the content data shall abide by usage rulesset for check-outs and check-ins.

[0214] It is not possible to carry out a copy operation to transfer thecontent data to an apparatus other than the recording/reproductionapparatus 20B conforming to the SDMI standard in an unrestricted mannereven if above transfer conditions (1), (2) and (3) are satisfied. Inthis way, the function to protect a copyright is preserved. In addition,the function to protect a copyright function due to the fact thatcontent data is transferred through a transmission line in an encryptedstate and it is not until the content data is received by therecording/reproduction apparatus 20A that the data is decrypted by therecording/reproduction apparatus 20A.

[0215] In a procedure DP9, above transfer conditions (1), (2) and (3)are checked before an SDMI network content is transferred to therecording/reproduction apparatus 20A.

[0216] To put it in detail, the recording/reproduction apparatus 20A issubjected to a predetermined authentication process. In addition, flaginformation or the like included in the content data is examined toverify the copyright owner's intention as to whether or not the copyoperation is allowed. Furthermore, the check-out and check-in usagerules are implemented.

[0217] An SDMI network content copied to the recording/reproductionapparatus 20A under the conditions described above is transmittedthrough a transmission line in an encrypted state as it is. To be morespecific, the SDMI network content is transmitted through thetransmission line in an E (CK, A3D) or E (CK′, A3D) state.

[0218] The encrypted SDMI network content is received by therecording/reproduction apparatus 20A having a configuration shown inFIG. 7 and then decrypted by a decryption processing unit 28 to generatethe original data A3D compressed by using the ATRAC3 compressiontechnique. Then, the encrypted content data A3D is subjected to anencoding process carried out by an EFM/ACIRC encoder/decoder 24 includedin the configuration shown in FIG. 7 before being supplied to arecording/reproduction unit 25 for recording the data onto a mini disc100.

[0219] Thus, in an operation to reproduce the SDMI content copied to andrecorded on the mini disc 100, the recording/reproduction apparatus 20Aneeds to carry out the same decoding processes as an ordinary mini-discsystem on data read out from the mini disc 100. The decoding processesinclude an EFM demodulation process, an ACIRC error correction processand a decompression process adopting a decompression technique as acounterpart of the ATRAC compression technique.

[0220] It means that the copied content data recorded on the mini disc100 can be reproduced normally by an ordinary mini-disc reproductionapparatus when the mini disc 100 is mounted on the apparatus. That is tosay, the user can enjoy the SDMI network content copied to and recordedon the mini disc 100 by reproduction of the content by means of anordinary mini-disc reproduction apparatus not conforming to the SDMIstandard.

[0221] It is to be noted that, if the transfer of a content is notpermitted in accordance with results of checking usage rules in theprocedures DP7, DP8 and DP9 in the data paths shown in FIG. 5, thecontent is of course not transferred to the recording/reproductionapparatus 20A or 20B.

[0222] 4. Typical Configuration of Data Transfer Apparatus(Primary-Recording-Medium Apparatus or PC)

[0223]FIG. 6 is a block diagram showing the configuration of aprimary-recording-medium apparatus 1 functioning as a data transferapparatus. The following description explains a personal computer usedas the primary-recording-medium apparatus 1. By building special-purposehardware with a configuration for executing the same functions as theprimary-recording-medium apparatus 1, however, it is also possible tocreate an apparatus specially used for data transfers.

[0224] In this embodiment, software programs to be executed for carryingout functions of the data transfer apparatus are installed on thepersonal computer 1 to implement a primary-recording-medium apparatus asthe data transfer apparatus. It is to be noted that, in thisspecification, a personal computer or a computer has a broad meaning ofthe so-called general-purpose computer.

[0225] A software program can be stored in advance in a recording mediumembedded in the computer. Examples of the embedded recording medium arethe hard disk drive (HDD) 5 and a ROM 3.

[0226] As an alternative, a software program can be stored (or recorded)temporarily or permanently in a removable recording medium 90 such as afloppy disc, a CD-ROM (Compact Disc Read-Only Memory), an MO (MagnetoOptical) disc, a DVD (Digital Versatile Disc), a magnetic disc and asemiconductor memory. A program stored in the removable recording medium90 is presented to the user as the so-called package software.

[0227] It is to be noted that, in addition to the installation of aprogram from the removable recording medium 90 into the computer, aprogram can also be downloaded into the computer from a download site byway of an artificial satellite for digital satellite broadcasting byradio communication or by way of a network such as a LAN (Local AreaNetwork) or the Internet by wire communication. In the computer, thedownloaded program is received by a communication unit 8 to be installedin the embedded HDD 5.

[0228] The computer 1 shown in FIG. 6 includes an embedded CPU (CentralProcessing Unit) 2. The CPU 2 is connected to an input/output interface10 by a bus 12. The CPU 2 executes a program stored in a ROM (Read-OnlyMemory) 3 in advance in accordance with a command entered to the CPU 2by way of the input/output interface 10 by the user by operating aninput unit 7 such as a keyboard, a mouse or a microphone. As analternative, the CPU 2 loads a program from the HDD 5 into the RAM(Random-Access Memory) 4 for execution. The program is stored in the HDD5 from the beginning, received by a communication unit 8 from asatellite or a network and installed in the HDD 5 or read out from theremovable recording medium 90 such as an optical disc mounted on a drive9 and installed in the HDD 5. By executing such a program, the CPU 2carries out processing of a data transfer apparatus for an SDMI content.

[0229] The CPU 2 outputs a result of the processing to an output unit 6or the communication unit 8 for transmission by way of the input/outputinterface 10 for example, or records the result into the HDD 5 asrequired.

[0230] In this case, the communication unit 8 is capable ofcommunicating with a variety of servers through the communicationnetwork 110 shown in FIG. 4. To be more specific, the computer 1 iscapable of downloading a network content such as a musical content froman external content server 91. The downloaded network content issubjected to processing for a content conforming to the SDMI standard orprocessing not conforming to the SDMI standard along the data pathsdescribed above. The downloaded network content completing theprocessing for a content conforming to the SDMI standard is at leaststored as an SDMI content into the HDD 5. The SDMI content stored in theHDD 5 is a content to be transferred to the recording/reproductionapparatus 20B conforming to the SDMI standard or therecording/reproduction apparatus (recording/reproduction apparatus) 20Apassing an authentication test.

[0231] A connection unit 11 is a member connected between therecording/reproduction apparatus 20A and the recording/reproductionapparatus 20B so that data can be communicated between theprimary-recording apparatus 1 and the recording/reproduction apparatus20A or the recording/reproduction apparatus 20B. Conceivable examples ofthe connection unit 11 are a USB interface and an IEEE-1394 interface.It is needless to say that a wire interface conforming to otherstandards and a radio interface using an infrared ray or a wave can beused as the connection unit 11.

[0232] It is to be noted that the various kinds of processing forimplementing the data paths described earlier by referring to FIG. 5 donot have to be sequential processing along the time axis, but theprocessing for implementing the data paths may include pieces ofprocessing to be carried out concurrently or individually (Examples ofthe processing to be carried out concurrently or individually areconcurrent processing and object oriented processing).

[0233] A program can be carried out by a single computer or a pluralityof computers in the distributed processing. In addition, a program canbe transferred to a remote computer to be executed thereby.

[0234] 5. Typical Configuration of Data-Recording Apparatus(Secondary-Recording-Medium Apparatus or Recording/ReproductionApparatus)

[0235]FIG. 7 is a block diagram showing a typical configuration of therecording/reproduction apparatus 20A.

[0236] In this case, the recording/reproduction apparatus 20A isconfigured by a mini disc recorder, for example. A secondary recordingmedium 100 is a mini disc (or a magneto-optical disc). The secondaryrecording medium 100 is also referred to hereafter as the mini disc 100.

[0237] It is to be noted that FIG. 7 shows the configuration of therecording/reproduction apparatus 20A including only a system forprocessing data to be recorded onto or reproduced from the mini discused as the secondary recording medium 100 and a system for processingdata transferred from the primary-recording-medium apparatus 1. Sinceother systems such as the driving system, the servo system and thereproduction output system are similar to their respective counterpartsemployed in the ordinary mini-disc recording/reproduction apparatus,their detailed diagrams are omitted.

[0238] In the recording/reproduction apparatus 20A, an MD control unit(CPU) 21 serves as a controller for controlling operations to record andreproduce data onto and from the mini disc 100. To put it concretely,the MD control unit 21 controls a rotation driving mechanism, a spindleservo, a focus servo, a tracking servo, a thread servo, operations toapply a laser beam and a magnetic field to an optical head and amagnetic head respectively and processing to encode data to be recordedand decode reproduced data.

[0239] A recording/reproduction unit 25 includes an optical head, amagnetic head, a disc-rotation-driving system and a servo system. Inactuality, the recording/reproduction unit 25 serves as a member forrecording and reproducing data onto and from the mini disc 100.

[0240] An EFM/ACIRC encoder/decoder 24 encodes data to be recorded ontothe mini disc 100 and decodes data reproduced from the mini disc 100. Asis generally known, in the case of a mini-disc system, data to berecorded is subjected to an encoding process for ACIRC error correctioncodes and an EFM modulation process. The EFM/ACIRC encoder/decoder 24carries out an ACIRC encoding process and an EFM encoding process ondata to be recorded before supplying the data to therecording/reproduction unit 25.

[0241] In a reproduction operation, the EFM/ACIRC encoder/decoder 24carries out decoding processes on data (RF signal) read out from themini disc 100 and supplied to the EFM/ACIRC encoder/decoder 24 by therecording/reproduction unit 25. The decoding processes include binaryconversion processing, EFM demodulation processing and error correctionprocessing adopting the ACIRC technique.

[0242] A buffer memory 30 buffers data to be recorded onto the mini disc100 and data reproduced from the mini disc 100. That is to say, thebuffer memory 30 has a buffering function commonly known as ashock-proof function.

[0243] In an operation to record data, data compressed and encoded byusing the ATRAC/ATRAC3 technique is stored temporarily in the buffermemory 30. The data is then read out in predetermined data unitsintermittently from the buffer memory 30 and supplied to the EFM/ACIRCencoder/decoder 24 to be recorded onto the mini disc 100.

[0244] In an operation to reproduce data, data is read out from the minidisc 100 and decoded by the EFM/ACIRC encoder/decoder 24. The decodeddata is stored temporarily in the buffer memory 30. The stored data isthen read out continuously from the buffer memory 30 and supplied to acodec 23 for carrying out a decompression/decoding process.

[0245] The codec 23 is a member for carrying out compression processingand decompression processing based on respectively encoding and decodingprocesses adopting the ATRAC/ATRAC3 technique.

[0246] Data to be recorded onto the mini disc 100 is compressed by usingthe ATRAC/ATRAC3 technique before being subjected to the encodingprocess. Thus, when the recording/reproduction apparatus 20A receivesdata, PCM audio data for instance, not completing compression andencoding processes, the codec 23 carries out the compression andencoding processes by adopting the ATRAC or ATRAC3 technique on the datato be recorded, and supplies the compressed data to the EFM/ACIRCencoder/decoder 24.

[0247] Data read out from the mini disc 100 by therecording/reproduction unit 25 and decoded by the EFM/ACIRCencoder/decoder 24 in a reproduction operation is a data in a state ofbeing compressed and encoded by adoption of the ATRAC/ATRAC3 technique.The data is supplied to the codec 23 by way of the buffer memory 30. Thecodec 23 decompresses the data by using a decompression technique as acounterpart of the ATRAC/ATRAC3 technique to generate 16-bit quantizeddigital audio data having a frequency of 44.1 KHz. The digital audiodata is subjected to processing including a D/A conversion process, ananalog signal process and an amplification process in an output circuitnot shown in the figure to generate a speaker output signal representingreproduced music or the like.

[0248] As an alternative, the reproduced signal is output to anotherapparatus as digital audio data.

[0249] The configuration described above includes components of arecording/reproduction apparatus of the ordinary mini-disc system.However, the recording/reproduction apparatus 20A implemented by theembodiment has additional members employed in a personal computer toserve as the primary-recording-medium apparatus 1. To be more specific,used for carrying out processing such as processes to receivetransmitted content data and decode the data, the members include acommunication unit 26, a DMA 27, a decryption processing unit 28, acache memory 29, a flow control unit 31 and a system control unit 32.

[0250] The system control unit 32 (CPU) is a member for controlling thewhole recording/reproduction apparatus 20A.

[0251] Typically, the system control unit 32 controls processing such asissuance of a request for generation of data and a communication forauthentication between the personal computer 1 and therecording/reproduction apparatus 20A, processing to exchange a varietyof commands with the personal computer 1 and processing of content datareceived from the personal computer 1. In addition, in accordance withthe various kinds of control, a command is given to the MD control unit21 and operations to record and reproduce content data onto and from themini disc 100 as well as operations to read out and update managementinformation are controlled.

[0252] Not shown in the figure, an operation unit and a display unit areprovided as a user interface. The system control unit 32 controlsprocessing to monitor operations carried out by the user on theoperation unit, processing carried out in accordance with the operationsand display processing of the display unit.

[0253] Connected to the connection unit 11 of the personal computer 1shown in FIG. 6, the communication unit 26 is a member for exchangingdata with the personal computer 1. The communication unit 26 processessignals conforming to a communication technique as the USB or IEEE-1394technique.

[0254] Data received by the communication unit 26 from the personalcomputer 1 includes a variety of commands and an SDMI content.

[0255] The SDMI content received by the communication unit 26 is storedin the cache memory 29 by control executed by a DMA (Direct MemoryAccess) 27. It is to be noted that such a content can of course bestored in the cache memory 29 under control executed by the CPU in placeof the DMA 27.

[0256] The decryption processing unit 28 is a member for carrying outcounterpart processing of the process to encrypt an SDMI content. Thatis to say, the decryption processing unit 28 decrypts content datastored in the cache memory 29. The unencrypted content data is thenstored in another area of the cache memory 29.

[0257] Since the SDMI content data has been encrypted by using a contentkey CK or CK′, information usable for recognizing at least the contentkey CK or CK′ is stored. As will be described later concretely, the DNKs(Device Node Keys) explained earlier by referring to FIG. 1 are stored.The recording/reproduction unit 25 corresponds to a device (DVx) shownin FIG. 1. DNKs stored in the DVx include a leaf key as well as nodekeys and a root key, which have been encrypted by using the leaf key.The content key CK can be recognized by using such DNKs or, in somecases, an EKB received as described earlier.

[0258] Thus, DNKs are stored information that can be used forrecognizing a content key CK for an SDMI content. By using the contentkey CK, the decryption processing unit 28 is capable of decrypting anencrypted SDMI content received in an encrypted state. The encryptedSDMI content is E (CK, A3D), for example. The result of the decryptionis D {CK, E (CK, A3D)}=A3D, which is decrypted data compressed by usingthe ATRAC3 technique. The decrypted data compressed by using the ATRAC3technique is encoded by the EFM/ACIRC encoder/decoder 24 before beingstored by the recording/reproduction unit 25 onto the mini disc 100.

[0259] It is to be noted that the SDMI content is not always datacompressed by using the ATRAC3 technique. For example, linear PCM dataencrypted by a content key is conceivable. Thus, there is also a methodof inputting transferred content in the E (CK, PCM). In this case, as amatter of course, the decryption processing unit decrypts the encryptedcontent in the E (CK, PCM) to generate D {CK, E (CK, PCM)}=PCM, which isdecrypted linear PCM data. In this case, the PCM data is compressed bythe codec 23 by using the ATRAC3 technique before being encoded by theEFM/ACIRC encoder/decoder 24 and recorded onto the mini disc 100 by therecording/reproduction unit 25.

[0260] A key may be stored in the decryption processing unit 28 in somecases to be used in an authentication process. In a typicalauthentication process to be described later, the recording/reproductionapparatus 20A uses a stored public key P and a stored secret key S. Inthis case, the public key P and the secret key S are both stored in thedecryption processing unit 28. The secret key S is also used in anencryption process.

[0261] In addition, the decryption processing unit 28 includes anembedded hash engine for carrying out the so-called hash-functionprocessing in order to generate a content ID.

[0262] It is to be noted that generation of the content ID will bedescribed later.

[0263] The decrypted encrypted SDMI content such as data compressed bythe ATRAC3 technique or PCM data is transferred from the cache memory 29to the flow control unit 31.

[0264] The flow control unit 31 is a member for transferring thedecrypted encrypted SDMI content to an MD control unit 21 serving as arecording process system for recording the data onto the mini disc 100(The recording process system includes the codec 23, the EFM/ACIRCencoder/decoder 24, the recording/reproduction unit 25 and the buffermemory 30).

[0265] The flow control unit 31 transfers the decrypted encrypted SDMIcontent upon a request (XARQ) made by the MD control unit 21. The flowcontrol unit 31 adjusts timings of reception of content data, decryptionprocessing and processing to record data onto the mini disc 100.

[0266] A bus line 22 is a communication line allowing various kinds ofdata to be exchanged among the MD control unit (CPU) 21, the codec 23,the buffer memory 30, the EFM/ACIRC encoder/decoder 24, the flow controlunit 31, the DMA 27, the cache memory 29, the communication unit 26, thedecryption processing unit 28 and the system control unit 32.

[0267] In the above configuration, as SDMI content data transmitted bythe personal computer 1, data in the E (CK, A3D) state or data in the E(CK, PCM) state is decrypted and encoded by the EFM/ACIRCencoder/decoder 24 by using the ATRAC3 compression technique beforebeing recorded by the recording/reproduction unit 25 onto the mini disc100.

[0268] By the way, in a check-in and a check-out of content data betweenthe personal computer 1 and the recording/reproduction apparatus 20A andin other communication sessions, a variety of commands are alsotransmitted.

[0269] These commands are received by the communication unit 26 andpassed on to the system control unit 32. The system control unit 32carries out various kinds of processing in accordance with thesecommands, and transmits a response to each of the commands from thecommunication unit 26 to the personal computer 1.

[0270] 6. Management Technique of Mini Disc

[0271] The following description explains data to be recorded onto themini disc 100 and management information.

[0272] In a digital recording/reproduction system such as a mini-discsystem, a TOC (Table of Contents) is recorded on a recording medium asmanagement information for controlling operations to record andreproduce data onto and from the medium such as a disc. Therecording/reproduction apparatus reads out the TOC information from therecording medium and saves the information in a memory in advance. Inrecording and reproduction operations, the TOC information is referredto to obtain a write or read position so as to allow an access operationfor the recording or reproduction operation to be carried out.

[0273] In the case of a mini disc, the TOC information includes a P-TOC(pre-mastered TOC) and a U-TOC (a user TOC). The P-TOC is unchangeableinformation recorded as pits. The U-TOC is information recorded byadopting a magneto-optical technique. The U-TOC is changed to accompanyoperations such as processing to record and delete musical data. To putit in detail, when musical data is recorded or deleted, the U-TOC storedin a memory is first of all updated and the updated U-TOC copy is thenstored in a U-TOC area on a disc with a predetermined timing.

[0274] It is to be noted that, by using the U-TOC, content data such asaudio data recorded onto the disc is managed in units each called atrack. Typically, 1 track corresponds to a piece of music.

[0275] First of all, a data unit called a cluster is explained as datastored in the mini disc 100. In the mini-disc system, as recorded data,a data stream is created for each unit called the cluster. The format ofthe cluster used as the unit of a recording operation is shown in FIG.8.

[0276] A recorded track in the mini-disc system is a continuous sequenceof clusters CL shown in FIG. 8. A cluster is a minimum unit used in arecording operation.

[0277] A cluster includes three sector-linking sectors SCFC to SCFE, asub-data sector SCFF and 32 main sectors SC00 to SC1F. Thus, a clusterincludes a total of 36 sectors.

[0278] A sector is a data unit having a size of 2,352 bytes.

[0279] The sector-linking sectors SCFC to SCFE are used as a bufferarea, a break between two consecutive recording operations, and anadjustment area for a variety of operations. The sub-data sector SCFF isused for recording information set as sub-data.

[0280] The 32 main sectors SC00 to SC1F are used for recording variouskinds of data such as the TOC data and audio data.

[0281] A sector is further divided finely into units called soundgroups. To be more specific, two sectors are divided into 11 soundgroups.

[0282] That is to say, as shown in the figure, two consecutive sectors,namely, an even-numbered sector such as a sector SC00 and anodd-numbered sector such as a sector SC01, include sound groups SG00 toSG0A. Each sound group has a size of 424 bytes for storing audio datawith an amount corresponding to 11.61 msec.

[0283] Data is recorded in one sound group SG, being split into L and Rchannels. For example, data recorded in the sound group SG00 includesdata L0 and data R0. On the other hand, data recorded in the sound groupSG01 includes data L1 for the L channel and data R1 for the R channel.

[0284] It is to be noted that 212 bytes used as a data area for the L orR channel are referred to as a sound frame.

[0285]FIG. 9 is diagrams showing the area structure of the mini disc100.

[0286] To be more specific, FIG. 9(a) is a diagram showing areasstretched from the disc innermost circumference side to the discoutermost circumference side. The mini disc 100 used as amagneto-optical disc has a pit area on the innermost circumference side.The pit area is a reproduction-only area used for creating data asemboss pits. In this pit area, the P-TOC is recorded.

[0287] Circumferences on the outer side of the pit area are amagneto-optical recording/reproduction area. In this area, grooves arecreated as guide grooves of recording tracks.

[0288] A segment from cluster 0 to cluster 49 on the innermostcircumference side of the magneto-optical area is used as a managementarea. Cluster 50 to cluster 2,251 are a program area used for storingeach piece of musical data as a track. An area on the outer side of theprogram area is used as a lead-out area.

[0289] On the other hand, FIG. 9(b) is a diagram showing details of themanagement area. In the management area, a horizontal line representssectors and lines arranged vertically each represent a cluster.

[0290] In the management area, clusters 0 and 1 serve as a buffer areawith the pit area. Cluster 2 is used as a power calibration area (PCA)for adjusting the output power of a laser beam.

[0291] Clusters 3, 4 and 5 are used for recording a U-TOC, the contentsof which will be described later in detail. A data format is prescribedin each of the 32 main sectors (SC00 to SC1F) in one cluster, andmanagement information is included in each of the sectors. That is tosay, sectors of the U-TOC are prescribed so that the address of eachtrack recorded in the program area and the address of a free area aswell as information such as the name of each track and recording timescan be recorded in the U-TOC. Three identical clusters 3, 4 and 5, eachincluding sectors used as the U-TOC sectors, are consecutively recorded.

[0292] Clusters 47, 48 and 49 are a buffer area with the program area.

[0293] It is to be noted that a hatched portion PD is an area in whichpre-paid information to be described later is set.

[0294] In the program area starting at cluster 50 (or cluster 32 h ifexpressed in the hexadecimal format), 32 main sectors (SC00 to SC1F) ineach cluster are used for storing audio data such as music in acompressed form known as the ATRAC form. Each recorded track (or contentdata) and free areas are managed by using the U-TOC. It is to be notedthat the sector SCFF in each cluster in the program area can be used forrecording information serving as sub-data as described earlier.

[0295] The sectors of the U-TOC are explained by referring to FIG. 10.

[0296] It is to be noted that, as explained earlier by referring to FIG.9, the P-TOC is read-only information created in a pit area on theinnermost circumference side of the disc 90. The P-TOC is used formanaging locations in areas such as a recordable area of the disc(recordable user area), a lead-out area and a U-TOC area. It is worthnoting that, in a reproduction-only optical disc where all data has beenrecorded in a pit form, the P-TOC can also be used for managing piecesof music recorded in a manner like a ROM. In this case, the U-TOC is notcreated. No detailed description of the P-TOC is given.

[0297]FIG. 10 is an explanatory diagram showing the format of U-TOCsector 0.

[0298] Sectors 0 to 32 can be used as U-TOC sectors. In a clusterdescribed above, U-TOC sectors are main sectors SC00 to SC1F.

[0299] U-TOC sector 0 is a data area for recording managementinformation for managing free areas in which content data (or tracks)such as recorded pieces of music and new content data can be recorded.

[0300] In an operation to record a piece of music onto the mini disc100, for example, the MD control unit 21 searches U-TOC sector 0 for afree area on the disc, and writes the piece of music into the area. In areproduction operation, on the other hand, the MD control unit 21searches U-TOC sector 0 for an area for recording a piece of music to bereproduced, and makes an access to the area to read out the piece ofmusic.

[0301] At the start positions of a data area (2,352 bytes 4 bytes×588)in U-TOC sector 0 shown in FIG. 10, a string of pieces of 1-byte data isrecorded as a synchronization pattern. Each piece of 1-byte dataincludes a string of all 0s or all 1s.

[0302] The synchronization pattern is followed by an address with alength of 3 bytes. The first 2 bytes (namely Cluster H and Cluster L),are a cluster address and the third byte is a sector address (Sector).The 3 bytes are followed by a byte (MODE) for storing a mode. Thesynchronization pattern and the 4 bytes form the header. The 3-byteaddress is the address of the sector itself.

[0303] It is to be noted that the configuration of the header includingthe synchronization pattern and the address applies not only to U-TOCsector 0, but also to a P-TOC sector and sectors in the program area.The address of a sector itself and a synchronization pattern arerecorded in the header to each sector.

[0304] Predetermined following byte positions are used for recordingdata such as a maker code, a model code, the number of the first track(First TNO), the number of the last track (Last TNO), a condition of theused sectors (Used sectors), the disc serial number and the disc ID.

[0305] An area following the disc ID is a pointer portion for storing avariety of pointers (namely, P-DFA, P-EMPTY, P-FRA and P-TNO1 toP-TNO255). These pointers each point to a part descriptor in a table tobe described later. A part descriptor is a descriptor of an area forstoring a track (music and the like) recorded by the user or adescriptor of a free area.

[0306] The table associated with the pointers (P-DFA to PTNO255) is a255-part-descriptor table including 255 part descriptors (01h to FFh). Apart descriptor includes the start address of a part, the end address ofthe part and the mode of the part (track mode). If a specific part iscontinued to another part, the descriptor of the specific part alsoincludes a link indicating the part descriptor of the other part. By thesame token, the part descriptor of the other part includes the startaddress of the other part, the end address of the other part and themode of the other part.

[0307] It is to be noted that a track is a portion in the track forrecording the data, which is continuous along the time axis, in aphysically continuous state.

[0308] The start and end addresses are the start and end addresses of apart or each of a plurality of parts composing a piece of music (ortrack).

[0309] Addresses are each recorded in a shortened form, indicating thelocation of a cluster, a sector or a sound group.

[0310] Even if data of a piece of music (track) is recorded in aphysically discontinuous manner, that is, recorded over a plurality ofparts, a recording/reproduction apparatus of this type is capable ofreproducing the piece of music by making accesses to the partssequentially, one part after another, without causing a reproductionproblem. Thus, data such as a piece of music recorded by the user isstored by being split over a plurality of parts for the purpose of usinga recordable area with a high degree of efficiency.

[0311] For the above reason, a part descriptor includes a link. Asdescribed above, if a specific part is continued to another part, thedescriptor of the specific part also includes a link indicating the partdescriptor of the other part. The link indicating the part descriptor isa number (in the range 01h to FFh) assigned to the part descriptor ofthe other part.

[0312] That is to say, in the table portion of U-TOC sector 0, each partdescriptor describes a part. If a piece of music is recorded over threeparts, for example, the part descriptor of the first part includes alink to the part descriptor of the second part and the part descriptorof the second part includes a link to the part descriptor of the thirdpart. In this way, the locations of parts are managed.

[0313] It is to be noted that the actual byte location (in U-TOC sector0) of a part descriptor pointed to by a link is expressed numerically bythe following equation:

Actual location=304+link×8 (=the size of a part descriptor expressed interms of bytes).

[0314] The contents of a part described by a part descriptor of thetable portion in U-TOC sector 0 (with a number in the range 01 h to FFh)are determined by which of the pointers (P-DFA, P-EMPTY, P-FRA andP-TNO01 to PTNO255) is associated with the part descriptor as follows.

[0315] The pointer P-DFA refers to a defective area on themagneto-optical disc 90. That is to say, the pointer PDFA points to apart descriptor describing a defective area (or a defective track part)caused by an injury or the like or points to the first one of aplurality of part descriptors describing such a defective area or such adefective track part. To be more specific, the pointer P-DFA has a valuein the range 01h to FFh. This value is a number assigned to a partdescriptor including the start and end addresses of the defective part.If another defective part exists, the part descriptor includes a link toanother part descriptor describing the other defective part. If no moredefective part exists, the link in the other part descriptor is set at00h pointing to no part descriptor.

[0316] The pointer P-EMPTY points to an unused part descriptor or thefirst one of a plurality of unused part descriptors. To be morespecific, the pointer P-EMPTY has a value in the range 01h to FFh. Thisvalue is a number assigned to an unused part descriptor or the first oneof a plurality of unused part descriptors.

[0317] If a plurality of unused part descriptors exists, the first onepointed to by the pointer P-EMPTY includes a link pointing to the secondone, which includes a link pointing to the third one and so on. In thisway, all unused part descriptors are put on a linked list.

[0318] The pointer P-FRA refers to a free area on the magneto-opticaldisc 90. A free area is an area into which data can be recorded(including an area from which data has been deleted). That is to say,the pointer P-FRA points to a part descriptor describing a free area (ora free track part) or points to the first one of a plurality of partdescriptors describing such a free area or such a free track part. To bemore specific, the pointer P-FRA has a value in the range 01h to FFh.This value is a number assigned to a part descriptor including the startand end addresses of the free area. If another free area exists, thepart descriptor includes a link to another part descriptor describingthe other free area. If no more free area exists, the link in the otherpart descriptor is set at 00h pointing to no part descriptor.

[0319]FIG. 11 is an explanatory diagram showing a model of management ofparts each available as a free area. Assume that part descriptors havingnumbers 03h, 18h, 1Fh, 2Bh and E3h are each designated as a partdescriptor describing a free area. In this case, the pointer P-FRA isset at 03h pointing to the first part descriptor. The link in the firstpart descriptor is set at 18h pointing to the second descriptor whereasthe link in the second part descriptor is set at 1Fh pointing to thethird descriptor and so on. Finally, the link in the fifth partdescriptor is set at 00h pointing to no part descriptor. It is to benoted that defective areas and unused parts descriptors can be managedin the same way.

[0320] The pointers P-TNO1 to P-TNO255 each refer to a track such as apiece of music recorded by the user on the magneto-optical disc 90. Forexample, the pointer P-TNO1 points to a part descriptor describing afirst track or points to one of a plurality of part descriptors, whichdescribes the first track's leading part on the time axis.

[0321] Assume for example that the first track is a piece of music notdivided into a plurality of parts on the disc, that is, the track isrecorded as a single part. In this case, the pointer P-TNO1 is set at anumber pointing to a part descriptor describing the start and endaddresses of an area for recording the first track.

[0322] As another example, assume that a second track is a piece ofmusic divided into a plurality of parts on the disc, that is, the trackis recorded as a plurality of discrete parts. In this case, the pointerP-TNO2 is set at a number pointing to the first one of part descriptorseach describing the start and end addresses of an area for recording oneof the parts of the second track. The part descriptors are put on alinked list described above in the chronological order of the parts. Toput it concretely, the pointer P-TNO2 is set at a number pointing to thefirst part descriptor describing the first part on the time axis. Thelink in the first part descriptor is set at a number pointing to thesecond descriptor describing the second part on the time axis whereasthe link in the second part descriptor is set at a number pointing tothe third descriptor describing the third part on the time axis and soon. Finally, the link in the last part descriptor is set at 00h pointingto no part descriptor. As a result, the part descriptors are put on alinked list (similar to the one shown in FIG. 11).

[0323] As described above, data of the second piece of music is recordedon parts described by part descriptors arranged in the chronologicalorder of the parts. In an operation to reproduce the second piece ofmusic by using data of U-TOC sector 0, the number set in the pointerP-TNO2 is used to make an access to the first part descriptor includingthe start address of a first part. The recording/reproduction head isthen brought to the start address. After the operation to read out dataof the first part is completed, the link in the first part descriptor isused to make an access to the second part descriptor including the startaddress of a second part. The recording/reproduction head is thenbrought to the start address and so on. In this way, continuous musicaldata can be read out from the discrete parts. In addition, it ispossible to carry out a recording operation by utilizing the recordingarea with a high degree of efficiency.

[0324] By the way, a track mode with a size of 1 byte is also recordedin each part descriptor. The track mode describes attributes of a trackdescribed by the part descriptor.

[0325] Let d1 (MSB) to d8 (LSB) be 8 bits composing the byte of thetrack mode. In this case, the track mode is defined as follows:

[0326] d1 . . . 0: Write permitted; 1: Write protected (Overwriting andediting are prohibited)

[0327] d2 . . . 0: A copyright exists; 1: No copyright exists.

[0328] d3 . . . 0: Original; 1: first or later generation

[0329] d4 . . . 0: Audio data; 1: Undefined

[0330] d5 and d6 . . . 01: Normal audio; Others: undefined

[0331] d7 . . . 0: Monophonic; 1: Stereo

[0332] d8 . . . 0: Emphasis off; 1: Emphasis on

[0333]FIG. 12 is an explanatory diagram showing the format of U-TOCsector 1. U-TOC sector 1 is a data area for storing charactersdescribing the name of each track managed by U-TOC sector 0 and the nameof the disc itself.

[0334] A pointer portion of U-TOC sector 1 includes pointers P-TNA1 toP-TNA255 associated with the recorded tracks. The pointers P-TNA1 toP-TNA255 each point to an 8-byte slot in a slot portion. Thus, the slotportion includes 255 slots 01h to FFh. In addition, the slot portionalso includes a slot 00h having a size of 8 bytes too. U-TOC sector 1 isused to manage character data in about the same way as U-TOC sector 0described above.

[0335] Each of the slots 01h to FFh is used for recording a disc titleand a track name as character information written in ASCII codes.

[0336] For example, a slot pointed to by the pointer P-TNA1 is used forrecording a string of characters entered by the user for the firsttrack. In addition, a slot may include a link pointing to another slot.Thus, if a string of characters entered by the user for a track exceeds7 bytes (or seven characters), the string of characters is stored in aplurality of slots linked with each other by such links.

[0337] It is to be noted that the 8 bytes of the slot 00h are used as aspecial area for recording the name of the disc. This slot is pointed toby none of the pointers P-TNA (x).

[0338] The pointer P-EMPTY of U-TOC sector 1 is also used for managingunused slots.

[0339] It is worth noting that, much like U-TOC sector 1, U-TOC sector 4is also used as a data area for storing character information entered bythe user. The character information may be a name assigned to a piece ofmusic recorded by the user or a disc title. Since U-TOC sector 4 has aformat similar to that of U-TOC sector 1, U-TOC sector 4 is not shown ina figure.

[0340] However, U-TOC sector 4 is used for storing code data of Kanjicharacters or European characters. Thus, U-TOC sector 4 includes theattribute of character codes in addition to data stored in U-TOC sector1 shown in FIG. 12. The attribute is recorded at a predetermined byteposition.

[0341] Character information recorded in U-TOC sector 4 is managed byusing a character-slot-indicating data portion in the same way as U-TOCsector 1. The character-slot-indicating data portion includes slotpointers P-TNA1 to P-TNA255 and 255 slots 01h to FFh pointed to by theslot pointers P-TNA1 to P-TNA255.

[0342] U-TOC sector 2 is used as a data area for storing mainly arecording date for each piece of music recorded by the user. The figureor the details of U-TOC sector 2 is omitted.

[0343] As described above, for the rewritable magneto-optical disc 90,disc areas are managed by using the P-TOC. On the other hand, otherareas such as recordable user areas for storing pieces of music and freeareas are managed by using U-TOC sector 0.

[0344] It is thus obvious that, by providing U-TOC sector 0 with such aconfiguration, for tracks recorded on the mini disc 100, division of atrack into a plurality of parts, linking of a part to another part andtrack editing including deletion can be carried out by merely updatingU-TOC sector 0.

[0345] In addition, by providing U-TOC sectors 1 and 4, it is possibleto carry out an editing operation of cataloging a string of charactersrepresenting a disc title and a string of characters representing thename of each track.

[0346] In the recording/reproduction apparatus 20A, when the mini disc100 is mounted on the recording/reproduction unit 25, first of all, theMD control unit 21 reads out TOC information from the mini disc 100 andstores the information in a specific area in the buffer memory 30.Thereafter, the TOC information in the buffer memory 30 is referred toin recording, reproduction and editing operations carried out on themini disc 100.

[0347] It is to be noted that, in operations to record content data (ora track) onto the mini disc 100 and edit a track already recorded on themini disc 100, the U-TOC sectors are updated by updating the U-TOCinformation already stored in the buffer memory 30.

[0348] Then, at a predetermined point of time, the (updated) U-TOCinformation stored in the buffer memory 30 is written back onto the minidisc 100 to update the U-TOC on the mini disc 100.

[0349] 7. Authentication Process

[0350] As a condition for transfer/recording (check-out) of content datato the recording/reproduction apparatus 20A and into the mini disc 100in an unencrypted state as described earlier in the explanation of theSDMI data paths, the result of an authentication process carried out bythe personal computer 1 for the recording/reproduction apparatus 20Amust be OK. The authentication process is processing to verify that therecording/reproduction apparatus 20A is a valid apparatus permitted tocarry out an operation to record the content data in an unencryptedstate.

[0351] The authentication process is carried out for arecording/reproduction apparatus connected to the connection unit 11 ofthe personal computer 1 besides the recording/reproduction apparatus 20Bconforming to the SDMI standard. It is to be noted that the connectedrecording/reproduction apparatus 20B supposed to conform to the SDMIstandard is also subjected to a process to confirm that the connectedrecording/reproduction apparatus 20B is a recording/reproductionapparatus 20B truly conforming to the SDMI standard. If the connectedrecording/reproduction apparatus 20B supposed to conform to the SDMIstandard is not confirmed as a recording/reproduction apparatus 20Btruly conforming to the SDMI standard, the authentication processdescribed below is carried out to verify that the connectedrecording/reproduction apparatus 20B is a valid recording/reproductionapparatus 20A.

[0352] The authentication process provided by the embodiment is carriedout by adoption of an authentication technique based on unsymmetricalencryption (or public-key encryption). In the unsymmetrical encryptionprocess, an encryption key is different from a decryption key. Letreference notation Db denote data before the encryption process,reference notation Ke denote the encryption key, reference notation Kddenote the decryption key and reference notation C denote encrypted dataobtained as a result of the encryption process. In this case, theencryption process is expressed by reference notation C=E (Ke, Db) and adecryption process of decrypting the encrypted data C to obtain thepre-encryption data Db is denoted by reference notation Db=D (Kd, C).

[0353] Here, the encryption key Ke and the decryption key Kd arereferred to as a pair of keys. One of the keys is disclosed as a publickey whereas the other key is kept in a predetermined member as a secretkey.

[0354] In the authentication process described below, the public key,which is one of the encryption key Ke and the decryption key Kd, isdenoted by reference notation P whereas the other decryption key used asthe secret key is denoted by reference notation S. For the casedescribed above, in the recording/reproduction apparatus 20A, thedecryption processing unit 28 (or the system control unit 32) is holdingthe encryption key Ke and the decryption key Kd as a public key P and asecret key S.

[0355] The authentication process is typically started by a commandtransmitted by the CPU 2 of the primary-recording-medium apparatus(personal computer) 1 to the system control unit 32 of therecording/reproduction apparatus 20A to make a request for anauthentication process. Then, in accordance with the command, processinglike one shown in FIG. 13 is carried out between the CPU 2(primary-recording-medium apparatus (personal computer)) and the systemcontrol unit 32 (recording/reproduction apparatus 20A).

[0356] The authentication process is started with a processing S1 inwhich the system control unit 32 of the recording/reproduction apparatus20A transmits the public key P held by the decryption processing unit 28to the personal computer 1 by way of the communication unit 26. It is tobe noted that the public key P is a key known by theprimary-recording-medium apparatus 1. Thus, if therecording/reproduction apparatus 20A and the primary-recording-mediumapparatus 1 recognize the same key as the public key P, the processing 1does not have to be carried out.

[0357] When the CPU 2 of the primary-recording-medium apparatus 1receives the public key, the authentication process is continued toprocessing S2 to generate a random number r. Then, in the nextprocessing S3, the random number r is transmitted to therecording/reproduction apparatus 20A.

[0358] Then, in processing S4, the system control unit 32 of therecording/reproduction apparatus 20A encrypts the random number r byusing the secret key S held by the decryption processing unit 28 togenerate encrypted data E (S, r). Subsequently, in processing S5, theencrypted data E (S, r) is transmitted to the primary-recording-mediumapparatus 1.

[0359] Then, in processing S6, by using the public key P, the CPU 2 ofthe primary-recording-medium apparatus 1 decrypts the encrypted data E(S, r) received from the recording/reproduction apparatus 20A. Theprocessing S6 is thus a decryption process expressed by D {P, E (S, r)}.

[0360] Subsequently, in processing S7, the ransom number r generated inthe processing S2 is compared with the decryption result D {P, E (S, r)}obtained in the processing S6.

[0361] If the public key P and the secret key S are a correct pair ofkeys, the result of the comparison should show that the decryptionresult D {P, E (S, r)} is equal to the random number r.

[0362] Thus, a comparison result indicating that the decryption result D{P, E (S, r)} matches the random number r confirms that therecording/reproduction apparatus 20A holds a correct secret key S forthe public key P. In this case, the authentication process goes on fromthe processing S8 to processing S9 in which the recording/reproductionapparatus 20A is authenticated as a valid connection partner.

[0363] If the comparison result indicates that the decryption result D{P, E.(S, r)} does not match the random number r, on the other hand, theauthentication process goes on from the processing S8 to processing S9in which the secondary-recording-medium apparatus is determined to benot a valid connection partner (not an apparatus allowed to receive anSDMI content), generating an NG authentication result.

[0364] If the result of the authentication process described aboveindicates that the connected apparatus is a valid recording/reproductionapparatus 20A, on the other hand, the primary-recording-medium apparatus1 recognizes that one of conditions for allowing a transfer of an SDMIcontent to the connected apparatus is satisfied.

[0365] 8. Content Encryption Technique

[0366] The recording/reproduction apparatus 20A and therecording/reproduction apparatus 20B in the data transfer systemprovided by the embodiment each correspond to a device at the bottom ofthe tree structure shown in FIG. 1. The following description explains atypical implementation of the encryption structure like the one shown inFIG. 1 in the data transfer system.

[0367]FIG. 14 is an explanatory diagram showing a flow of content dataand keys.

[0368] When content data CT1 is distributed from the external contentserver 91 to the personal computer 1, in actuality, a transmission unitfor the content data CT1 includes E (CK, A3D), E (KR, CK) and an EKB.The transmission unit is distributed to the personal computer 1 to bestored in the HDD 5.

[0369] E (CK, A3D) is a result of encryption of content data A3D byusing a content key CK. The content data A3D is data compressed by theATRAC3 technique. Thus, E (CK, A3D) is the piece of music to be actuallydistributed.

[0370] E (KR, CK) is a result of encryption of the content key CK fordecrypting the encrypted content data by using the root key KR explainedearlier by referring to FIG. 1.

[0371] The EKB is an enabling key block explained earlier by referringto FIGS. 1 to 3. As is obvious from the description of this embodiment,the EKB is information used for updating the root key KR.

[0372] Pieces of content data CT1, CT2 and so on are each distributed asa set including E (CK, A3D), E (KR, CK) and an EKB, and each stored inthe HDD 5 also as a set as shown in FIG. 14.

[0373] Content data is transferred from the personal computer 1 to therecording/reproduction apparatus 20A or the recording/reproductionapparatus 20B also as a set including E (CK, A3D), E (KR, CK) and an EKBin accordance with a predetermined procedure.

[0374] As described above, the recording/reproduction apparatus 20A andthe recording/reproduction apparatus 20B each correspond to a device (ora terminal) explained earlier by referring to FIG. 1. A leaf ID uniqueto the recording/reproduction apparatus 20A is assigned to therecording/reproduction apparatus 20A whereas a leaf ID unique to therecording/reproduction apparatus 20B is assigned to therecording/reproduction apparatus 20B. In each of therecording/reproduction apparatus 20A and the recording/reproductionapparatus 20B, DNKs (Device Node Keys) are stored.

[0375] When the recording/reproduction apparatus 20A or therecording/reproduction apparatus 20B receives a content-data set fromthe personal computer 1, the content data is decrypted before beingstored in the secondary recording medium (or the content data is storedin the secondary recording medium in the unencrypted state). In the caseof the recording/reproduction apparatus 20B conforming to the SDMIstandard, the encrypted content data is decrypted when the content datais reproduced. In the case of the recording/reproduction apparatus 20A,the encrypted content data is decrypted when the content data isrecorded onto the secondary recording medium.

[0376] As shown in the figure, in processing to decrypt the encryptedcontent data, first of all, a decryption process is carried out by usingthe stored DNKs and the received EKB to generate a root key KR.

[0377] Then, the root key KR obtained as a result of the decryptionprocess is used to decrypt E (KR, CK) to generate the content key CK.

[0378] Then, the content key CK obtained as a result of the process todecrypt E (KR, CK) is used to decrypt E (CK, A3D) to generate thecontent data A3D.

[0379] For the recording/reproduction apparatus 20A, the DNKs and aprocedure for decrypting the encrypted content data are explainedconcretely by referring to FIGS. 15A and 15B as well as FIG. 16.

[0380] Assume a key tree structure shown in FIG. 15A. A leaf ID of SET0and a leaf key of K000 are assigned to the recording/reproductionapparatus 20A.

[0381] In this case, the DNKs stored in the recording/reproductionapparatus 20A have pieces of information shown in FIG. 15B.

[0382] First of all, the DNKs include the leaf ID SET0.

[0383] The DNKs also include the leaf key K000.

[0384] The other pieces of information included in the DNKs areinformation on node keys on a path between the leaf key K000 and theroot key KR as shown in FIG. 15A. That is to say, the other pieces ofinformation are information on node keys K00 and K0 as well as the rootkey KR itself. To put it in detail, the node keys K00 and K0 as well asthe root key KR have been encrypted by using the leaf key K000 beforebeing stored. As shown in the figure, the encrypted node keys K00 and K0as well as the encrypted root key KR are listed as follows:

[0385] E (K000, K00)

[0386] E (K000, K0) and

[0387] E (K000, KR)

[0388] By using the information included in the stored DNKs, therecording/reproduction apparatus 20A decrypts the encrypted content keyE (KR, CK) and the encrypted content data E (CK, A3D), which arereceived from the personal computer 1.

[0389] To put it in detail, the recording/reproduction apparatus 20Afirst decrypts E (K000, KR) by using the leaf key K000 to produce D{K000, E (K000, KR)}, which is the root key KR.

[0390] Then, the root key KR is used to decrypt the encrypted contentkey E (KR, CK) to produce D {KR, E (KR, CK)}, which is the content keyCK.

[0391] Finally, the content key CK is used to decrypt the encryptedcontent data E (CK, A3D) to produce D {CK, E (CK, A3D)}, which is thecontent data A3D.

[0392] As described earlier, however, the root key KR and the node keysare not fixed all the time. For a variety of reasons, they are changed.In the case of a data transfer system in which the content key CK istransmitted in a state of being encrypted by using the root key KR asdescribed above, the root key may be changed for each content data.

[0393] For example, a music distribution enterprise changes the root keyKR from content to content to strengthen protection of copyrights insome cases. Since the root key KR is variable, an EKB is alsotransmitted at the same time as described earlier so that an authorizeddevice is capable of obtaining the changed root key KR.

[0394] Assume that, for encrypted content data E (CK, A3D), a contentkey E (KR′, CK) encrypted by a changed root key KR′ and an EKB arereceived as shown in FIG. 16. The EKB includes E (K0, KR′), which is theupdated root key KR′ encrypted by a node key K0.

[0395] It is to be noted that the updated root key KR′ encrypted by anode key K0 can be decrypted only by devices owning the node key K0. Asshown in FIGS. 15A and 15B, only devices with leaf IDs SET0 to SET3 arecapable of obtaining the updated root key KR′. If only the deviceshaving leaf IDs SET0 and SET1 need to know the updated root key KR′, theEKB needs to include E (K00, KR′), which is the updated root key KR′encrypted by using a nod key K00.

[0396] As explained earlier by referring to FIG. 15B, the DNKs stored inthe recording/reproduction apparatus 20A include E (K000, K00) and E(K000, K0), which are respectively the node keys K00 and K0 encrypted byusing the leaf key K000. The DNKs also include E (K000, KR), which isthe root key KR encrypted by using the leaf key K000.

[0397] In the above-described state, the procedure to decrypt contentdata A3D is described in steps (1) to (4) which are shown in FIG. 16.

[0398] Step (1): Since the received EKB is the encrypted updated rootkey E (K0, KR′), the node key K0 is first obtained from the DNKs. Thatis to say, the encrypted node key E (K000, K0) is decrypted by using theleaf key K000 to produce D {E (K000, K0)}, which is the node key K0.

[0399] Step (2): Next, the node key K0 is used for decrypting theencrypted updated root key E (K0, KR′) included in the EKB to produce D{E (K0, KR′)}, which is the updated root key KR′.

[0400] Step (3): The updated root key KR′ obtained as a result of thedecryption process of the step (2) is used for decrypting the encryptedcontent key E (KR′, CK) to produce D {E (KR′, CK)}, which is the contentkey CK.

[0401] Step (4): The content key CK obtained as a result of thedecryption process of the step (3) is used for decrypting the encryptedcontent data E (CK, A3D) to produce D {E (CK, A3D)}, which is thecontent data A3D.

[0402] In accordance with the procedure described above, therecording/reproduction apparatus 20A is capable of decrypting theencrypted content data and storing the content data onto the mini disc100.

[0403] In the case of the recording/reproduction apparatus 20B, on theother hand, in an operation to reproduce content data recorded on thesecondary recording medium in an encrypted state, the proceduredescribed above is executed to decrypt the encrypted content data togenerate reproduced music or the like.

[0404] 9. Content Check-Outs/Check-Ins

[0405] The following description explains processing carried out by thepersonal computer 1 and the recording/reproduction apparatus 20A totransfer content data from the HDD 5 of the personal computer 1 to therecording/reproduction apparatus 20A in a check-out and to return thecontent data checked out to the recording/reproduction apparatus 20Aback to the HDD 5 in a check-in.

[0406] In actuality, a plurality of check-outs and check-ins of contentdata is carried out in a communication session. It is to be noted,however, that only flows in one check-out of content data and onecheck-in of the content data are described for the sake of explanationsimplicity.

[0407]FIGS. 17 and 18 are a diagram showing processing of a check-out.In the processing shown in FIGS. 17 and 18, control executed by the CPU2 employed in the personal computer 1 includes steps F101 to F112. Onthe other hand, control executed by components such as the systemcontrol unit 32 and the decryption processing unit 28, which areemployed in the recording/reproduction apparatus 20A, includes stepsF201 to F215.

[0408] It is to be noted that a communication session is implemented byexecuting a variety of control commands and issuing responses to thecontrol commands.

[0409] The check-out of content data stored in the HDD 5 begins with astep F101 shown in FIG. 17. At the step F101, the CPU 2 issues a requestfor the start of an authentication process to the recording/reproductionapparatus 20A. That is to say, an authentication-start control commandis transmitted to the recording/reproduction apparatus 20A.

[0410] In response to the authentication-start control command, therecording/reproduction apparatus 20A informs the personal computer 1 ofan approval of the start of the authentication process at a step F201.That is to say, an authentication-start response command is transmittedto the personal computer 1.

[0411] Then, at a step F102, the personal computer 1 makes a request fora leaf ID. At this request, the recording/reproduction apparatus 20Atransmits a stored leaf ID at a step F202.

[0412] It is to be noted that the personal computer 1 examines the leafID of the recording/reproduction apparatus 20A connected to the personalcomputer 1 in this way to determine whether or not therecording/reproduction apparatus 20A is an apparatus having a valid leafID.

[0413] Then, at a step F103, the personal computer 1 transmits an EKBfor content data, which is to be transferred hereafter, to therecording/reproduction apparatus 20A.

[0414] When the recording/reproduction apparatus 20A receives the EKB,first of all, at a step F203, the recording/reproduction apparatus 20Astores the version number of the EKB (refer to FIG. 3). Then, at thenext step F204, the recording/reproduction apparatus 20A uses thereceived EKB and the stored DNKs for executing the steps (1) and (2) ofthe procedure shown in FIG. 16 to obtain a root key KR for the contentdata, and stores the root key KR.

[0415] Subsequently, at the next step F205, the recording/reproductionapparatus 20A informs the personal computer 1 that the root key KR hasbeen obtained.

[0416] Informed that the processing to obtain the root key KR has beencompleted, at a step F104, the personal computer 1 issues a controlcommand making a request for a start of the actual check-out session tothe recording/reproduction apparatus 20A. At this request, therecording/reproduction apparatus 20A transmits a response commandindicating an approval of the request for a start of the actualcheck-out session at a step F206.

[0417] It is to be noted that this response command is issued inresponse to the control command by carrying out the authenticationprocessing explained earlier by referring to FIG. 13.

[0418] As described earlier, in the processing shown in FIG. 13, therecording/reproduction apparatus 20A not conforming to the SDMI standardis authenticated to determine whether or not the recording/reproductionapparatus 20A is an apparatus allowed to decrypt the encrypted contentdata and store the content data onto the secondary recording medium inan unencrypted state. If the result of the authentication process is NG,the check-out session is of course aborted, though the abortion of thecheck-out session is not shown in FIG. 17.

[0419] Next, at a step F105, the personal computer 1 transmits anencrypted content key E (KR, CK), which is related to the content datato be transmitted thereafter, to the recording/reproduction apparatus20A.

[0420] Receiving the encrypted content key E (KR, CK), therecording/reproduction apparatus 20A executes the step (3) of theprocedure shown in FIG. 16 at a step F207. At the step (3), the storedroot key KR is used for decrypting the encrypted content key E (KR, CK)to produce the content key CK. Then, at the next step F208, the personalcomputer 1 is informed that the decryption process to produce thecontent key CK has been completed.

[0421] At a step F106, the personal computer 1 transmits a record-objectcontrol command to the recording/reproduction apparatus 20A to provideinformation on a content to be checked out hereafter to therecording/reproduction apparatus 20A.

[0422] The format of the record-object control command is shown in FIG.19. The size of the record-object control command is 30 bytes. Therecord-object control command is a command issued by the personalcomputer 1 to inform the recording/reproduction apparatus 20A (or 20B)of information on actual content data to be transferred in acommunication session of a check-out.

[0423] As shown in FIG. 19, the format of the record-object controlcommand includes ‘Record object’ as an operation code. In addition, theformat also includes information bits such as a communication result(result), an identification code of the communication object apparatus(destination list ID), a track number for a check-out content on thesecondary recording medium (new object position number), a content-datatype (content type), the format of the content data in the primaryrecording medium (download format track attribute), the attributes ofthe content in the secondary recording medium (track mode), acontent-data length (content size) and a bulk data length of the contentdata (bulk data size).

[0424] The format of the content data in the primary recording medium(download format track attribute) is a compression technique of contentdata to be transmitted from the HDD 5 and its bit rate as well ascontent data's compression technique, which is adopted when the contentdata is output to a transmission line, and its bit rate.

[0425] The attributes of a content in the secondary recording medium(track mode) is a specification of a compression technique, which is tobe adopted when the content is recorded onto the mini disc 100 and otherattributes such as an attribute specifying monophonic or stereo. Thespecified compression technique is typically either ATRAC, ATRAC3 at 132kbps or ATRAC3 at 66 kbps.

[0426] It is to be noted that, though not shown in FIG. 17, therecording/reproduction apparatus 20A transmits a response command to thepersonal computer 1 in response to the record-object control commandtransmitted by the personal computer 1 at the step F106.

[0427] From the notice transmitted at the step F208 to indicatecompletion of the decryption process to obtain the content key CK andfrom the response command transmitted in response to the record-objectcontrol command, the personal computer 1 recognizes that preparationsfor reception and decryption of content data have been completed at therecording/reproduction apparatus 20A. Thus, the flow of the check-outgoes on to P1 representing a step F107 shown in FIG. 18. At this step,the content data is transferred to the recording/reproduction apparatus20A. To be more specific, content data E (CK, A3D) encrypted by thecontent key CK is transmitted.

[0428] On the other hand, the flow of the check-out in therecording/reproduction apparatus 20A goes on to R1 representing a stepF209 shown in FIG. 18. At this step, the content data E (CK, A3D) whichhas been transferred from the personal computer 1 is received. Then, thestep (4) of the procedure shown in FIG. 16 is executed to decrypt theencrypted content data E (CK, A3D) by using the content key CK and tostore the content data A3D obtained as a result of the decryptionprocess onto the mini disc 100.

[0429] Furthermore, a content ID is generated from the unencryptedcontent data.

[0430] When the processes to transfer a piece of content data (such as apiece of music) from the personal computer 1 and to record the contentdata onto the mini disc 100 are completed, it is necessary to update theU-TOC on the mini disc 100 right away.

[0431] As described earlier, the U-TOC recorded on the innercircumference portion of the mini disc 100 is used for managing thestart and end addresses of each track such as each piece of music andother information. In an operation to reproduce a track, the track'saddresses on the mini disc 100 are obtained from the U-TOC.

[0432] In this embodiment, however, at the point of time the process torecord the content data onto the mini disc 100 is completed, only theU-TOC stored in the buffer memory 30 is updated at a step F210. That isto say, the U-TOC on the mini disc 100 is not updated right away.

[0433] When the process to update the U-TOC in the buffer memory 30 iscompleted, a record-object response command is transmitted to thepersonal computer 1 at the next step F211.

[0434] At this point of time, the processing to write the piece ofcontent data is completed and the content ID generated for the contentdata at the step F209 is reported to the personal computer 1.

[0435] The format of the record-object response command is shown in FIG.20.

[0436] As shown in FIG. 20, the format of the record-object responsecommand with a size of 62 bytes includes ‘Record object’ as an operationcode. In addition, the format also includes information bits such as acommunication result (result), an identification code of thecommunication object apparatus (destination list ID), a track number fora check-out content on the secondary recording medium (new objectposition number), a content-data type (content type), the format of thecontent data in primary recording medium (download format trackattribute), the attributes of the content in the secondary recordingmedium (track mode), a content-data length (content size) and a bulkdata length of the content data (bulk data size).

[0437] In the case of the record-object response command, the formatalso includes a session-data field with a size of 32 bytes. This fieldis used as an area for reporting the content ID generated by therecording/reproduction apparatus 20A to the personal computer 1.

[0438] Thus, such a record-object response command is used by therecording/reproduction apparatus 20A to report the completion of thetransfer of the content data and the content ID to the personal computer1.

[0439] At a step F108, the personal computer 1 carries out processing ona content-ID table in accordance with the notice of the content ID. Aswill be described later, the processing is carried out to associate acontent ID generated by the personal computer 1 and appended to thecontent data stored in the HDD 5 with the content ID generated by therecording/reproduction apparatus 20A at the step F209.

[0440] Next, at a step F109, the personal computer 1 transmits acheck-out control command to the recording/reproduction apparatus 20A.

[0441] At the next step F110, the personal computer 1 updates the usagerule for the content data because of the check-out of the content data.To be more specific, a content right is changed by decrementing thenumber of allowable check-outs for the content data by 1.

[0442] At a step F212, the recording/reproduction apparatus 20A carriesout processing of an actual check-out requested by the check-out controlcommand. To be more specific, the U-TOC on the mini disc 100 is updatedto put the recorded content data in a reproducible state. In this way, aright to reproduce content data is given to the secondary recordingmedium.

[0443] It is to be noted that, at that time, in the content data's trackmode in U-TOC sector 0, the bit d1 has been set at 1 to put the contentdata in a write-protected state.

[0444] When the processing to update the U-TOC for the check-out iscompleted, at a step F213, a check-out response command is transmittedto the personal computer 1 to inform that the processing to update theU-TOC for the check-out has been completed.

[0445] At this point of time, the check-out or the transfer of a contentright is completed.

[0446]FIG. 21 is an explanatory diagram showing the format of acheck-out control command and FIG. 22 is an explanatory diagram showingthe format of a check-out response command.

[0447] The check-out control command has a size of 25 bytes and thecheck-out response command has a size of 17 bytes.

[0448] As shown in FIG. 21, the check-out control command includesinformation bits such as ‘Check-out’ as an operation code, acommunication result (result), an identification code of thecommunication object apparatus (list ID), the track number for acheck-out content on the secondary recording medium (object positionnumber) and an encrypted session key (DES CBC (Ks, 0)).

[0449] As shown in FIG. 22, on the other hand, the check-out responsecommand includes information bits such as ‘Check-out’ as an operationcode, a communication result (result), an identification code of thecommunication object apparatus (list ID) and a track number for thecheck-out content on the secondary recording medium (object positionnumber).

[0450] As described above, the check-in control command is transmittedby the personal computer 1 to the recording/reproduction apparatus 20Aand, as the check-out response command is transmitted from therecording/reproduction apparatus 20A to the personal computer 1 toindicate completion of the check-out, at a step F111, the personalcomputer 1 transmits a control command requesting an end of the sessionto the recording/reproduction apparatus 20A. At a step F214, therecording/reproduction apparatus 20A transmits a response commandapproving the end of the session to the personal computer 1.

[0451] At a step F112, the personal computer 1 transmits a controlcommand to end the authentication state to the recording/reproductionapparatus 20A. In response to this control command, therecording/reproduction apparatus 20A transmits a response command toapprove the end of the authentication state to the personal computer 1at a step F215.

[0452] At this point of time, a sequence of communications forimplementing the check-out is ended.

[0453] It is to be noted that, if a plurality of contents having acommon root key are checked out by carrying out the communicationsdescribed above, it is necessary only to repeat the steps F105 to F108and the steps F207 to F211 for each of the second and subsequentcontents.

[0454] If successive contents with different EKB versions must betransferred continuously, an EKB also needs to be transferred along witheach of the contents.

[0455] Next, the check-in processing is explained by referring to FIG.23.

[0456] In the processing shown in FIG. 23, control executed by the CPU 2employed in the personal computer 1 includes steps F101 to F156. On theother hand, control executed by components such as the system controlunit 32 and the decryption processing unit 28, which are employed in therecording/reproduction apparatus 20A, includes steps F201 to F257.

[0457] Also in this case, a communication session is implemented byusing a variety of control commands and a variety of response commandsgenerated in response to the control commands.

[0458] Also in the case of a check-in, processing including the start ofan authentication process, a transfer of an EKB and a search for a rootkey is carried out in the same way as the check-out described above. Tobe more specific, pieces of processing carried out at steps F101 to F103and F201 to F205 are the same as their counterparts shown in FIG. 17,making it unnecessary to repeat their explanation.

[0459] At a step F150, the personal computer 1 transmits a controlcommand making a request for the start of a check-in session to therecording/reproduction apparatus 20A.

[0460] In response to this control command, the recording/reproductionapparatus 20A transmits a response command at a step F250.

[0461] It is to be noted that, also in this case, the authenticationprocessing explained earlier by referring to FIG. 13 is carried out.

[0462] If the result of the authentication processing carried out on therecording/reproduction apparatus 20A is OK, the requested check-insession is started. In this case, the personal computer 1 makes arequest for the ID of content data to be checked in at a step F151. Forexample, the personal computer 1 transmits a track number of the contentdata to be checked in on the mini disc 100 to the recording/reproductionapparatus 20A, making a request for the content ID.

[0463] At this request, first of all, at a step F251, therecording/reproduction apparatus 20A forms a judgment as to whether ornot the specified content data (or the specified track) is content datathat can be checked in. The judgment can be formed by examining thewrite-control flag (or the d1 bit of the track mode) recorded in theU-TOC for the track.

[0464] Content data is determined to be content data that can be checkedin if the content data has been recorded on the mini disc 100 as aresult of a check-out and has not been edited on the mini disc 100.

[0465] When a check-out shown in FIGS. 17 and 18 is carried out, the d1bit of the track mode recorded in U-TOC sector 0 of the mini disc 100for the content recorded on the mini disc 100 as a result of thecheck-out is set at 1 as described earlier.

[0466] The d1 bit is used as a write control flag for the contentrecorded on the mini disc 100 as a result of the check-out.

[0467] To be more specific, the d1 bit is the so-called write protectflag in the mini-disc system. To put it concretely, an editing processsuch as deletion, division and concatenation is prohibited for a trackwith the d1 bit set at 1. That is to say, no editing process such asdeletion, division and concatenation can be carried out on a track withthe d1 bit set at 1 without regard to whether thesecondary-recording-medium apparatus is the conventional mini-discrecorder, that has been becoming popular at the present time, or amini-disc recorder used as the recording/reproduction apparatus 20A.

[0468] In actuality, however, the d1 bit for a track recorded on themini disc 100 mounted on a mini-disc system is not set at 1automatically.

[0469] Thus, the d1 bit is information clearly indicating not onlyprohibition of an editing process for the track, but also a contentchecked out from the personal computer 1.

[0470] If the d1 bit indicates that the content data to be checked in iscontent data obtained as a result of a check-out or content data thatcan be checked in, at a step F252, the ID of the content data isprepared. To put it concretely, a content ID is computed at this pointof time, or an already computed and stored content ID is read out. Atechnique for generating a content ID will be described later.

[0471] Then, at the next step F253, the content ID is transmitted to thepersonal computer 1.

[0472] It is to be noted that, if the content data to be checked in isnot content data that can be checked in, on the other hand, the personalcomputer 1 is informed of the fact that the content data to be checkedin is not content data that can be checked in, and an error handlingprocess is carried out thereafter.

[0473] At a step F152, the personal computer 1 collates the content IDreceived from the recording/reproduction apparatus 20A. To be morespecific, the content ID received from the recording/reproductionapparatus 20A is compared with a saved content ID, which was generatedby the recording/reproduction apparatus 20A and transmitted to thepersonal computer 1 in a check-out. The saved ID was then stored in thepersonal computer 1 as table data associated with a content ID generatedby the personal computer 1. The content IDs are compared with each otherto assure that the content data to be checked in is the correct contentdata. If the result of the collation is OK, at a step F153, an actualcheck-in is requested.

[0474] If the result of the collation is NG, on the other hand, errorprocessing is carried out.

[0475] A check-in is requested at the step F153 by issuing a check-incontrol command shown in FIG. 24.

[0476]FIG. 24 is an explanatory diagram showing the format of a check-incontrol command and FIG. 26 is an explanatory diagram showing the formatof a check-in response command.

[0477] The check-in control command is 17 bytes in length and thecheck-in response command is 25 bytes in length.

[0478] The check-in control command shown in FIG. 24 has informationbits including ‘Check-in’ as an operation code, a communication result(result), a sub-function, an identification code of the communicationobject apparatus (list ID) and a track number for a check-in content onthe secondary recording medium (object position number).

[0479] Sub-functions are defined as shown in FIG. 25. The definitionsdescribe processing requested by the check-in control command.

[0480] A sub-function value of 00h indicates that the check-in controlcommand makes a request for a content ID. The check-in control commandis thus a command making a request for an actual check-in to return areproduction right granted to the secondary recording medium.

[0481] A sub-function value of 01h is reserved. However, this value canbe used in a command during an actual check-in process.

[0482] A check-in control command having another sub-function valuemakes a request for peculiar information such as pre-paid informationrecorded on the secondary recording medium. Thus, a check-in controlcommand having another sub-function value merely requests that pre-paidinformation and the like be read out and does not make a request for acheck-in (or the return of the reproduction right).

[0483] On the other hand, the check-in response command shown in FIG. 26has information bits including ‘Checkin’ as an operation code, acommunication result (result), a sub-function, an identification code ofthe communication object apparatus (list ID) and a track number for thecheck-in content on the secondary recording medium (object positionnumber).

[0484] In addition, the check-in response command also includes an8-byte field (hash MAC) for reporting the content ID generated bycarrying out HASH function processing to the personal computer 1.

[0485] In the check-in control command transmitted at the step F153 ofthe check-in shown in FIG. 23, the value of the sub-function is set at00h to indicate an actual check-in. The list ID is set at a valuespecifying the recording/reproduction apparatus 20A. The object positionnumber is set at a value specifying the track number of the check-incontent on the mini disc 100.

[0486] At the next step F154, a usage rule for the content data isupdated in accordance with the check-in control command. To be morespecific, the number of permitted transfers is incremented by 1.

[0487] At a step F254, the recording/reproduction apparatus 20A updatesthe U-TOC data. To put it in detail, the contents of U-TOC sector 0 areupdated to delete the track used as a check-in object from the mini disc100. That is to say, the track is put in an irreproducible state or astate of losing a reproduction right.

[0488] Then, at the next step F255, the check-in response command shownin FIG. 26 is transmitted.

[0489] At this point of time, the check-in or the operation to returnthe content right is completed.

[0490] Upon completion of the check-in, at a step F155, the personalcomputer 1 transmits a control command making a request for an end ofthe session to the recording/reproduction apparatus 20A. In response tothis control command, the recording/reproduction apparatus 20A transmitsa response command approving the end of the session to the personalcomputer 1 at a step F256.

[0491] At a step F156, the personal computer 1 transmits a controlcommand making a request for an end of the authentication state to therecording/reproduction apparatus 20A. In response to this controlcommand, the recording/reproduction apparatus 20A transmits a responsecommand approving the end of the authentication state to the personalcomputer 1 at a step F257.

[0492] At this point of time, the sequence of communications for thecheck-in is ended.

[0493] It is to be noted that, if a plurality of contents must bechecked in by carrying out the communications described above, theoperation to verify the content ID and the operation to request thecheck-in, that is, the steps F151 to F154 and F251 to F255, need to berepeated for each of the contents.

[0494] 10. Generation and Management Technique of Content IDs

[0495] Usage rules followed in check-ins and check-outs are managed byusing content IDs for each content.

[0496] As described before, in a secondary recording medium conformingto the SDMI standard, a format allowing content IDs to be recorded isadopted. Thus, in a check-out or a check-in, both the personal computer1 and the recording/reproduction apparatus 20B conforming to the SDMIformat are capable of identifying content data used as an object of thecheck-out or the check-in by using a content ID generated by thepersonal computer 1.

[0497] However, the recording/reproduction apparatus 20A for a secondaryrecording medium such as the mini disc 100, which has been becomingpopular for the past years, is not capable of identifying content databy using a content ID generated by the personal computer 1. This isbecause, as a result of a check-out, content data is recorded on themini disc 100 including no area for storing a content ID. Even if suchan area is newly prescribed in the U-TOC or the like and a content ID isrecorded on the mini disc 100, the content ID will be inadvertentlyerased in an operation carried out by a mini-disc recorder of the oldtype to update the U-TOC. Thus, content IDs cannot be managed in themini disc 100.

[0498] If content IDs cannot be managed in the secondary recordingmedium, a check-in is impossible because content data cannot be collatedin the check-in process even though a check-out is possible.

[0499] To solve this problem, the recording/reproduction apparatus 20Ais provided with a function for generating a content ID from the contentdata itself.

[0500] In addition, table data is provided in the personal computer 1 sothat a first content ID generated by the personal computer 1 can becompared with a second content ID generated by therecording/reproduction apparatus 20A.

[0501] First of all, a technique adopted by the recording/reproductionapparatus 20A to generate a content ID is explained.

[0502] For generation of a content ID of content data, there is providedmeans for carrying out a CBC_MAC process by sampling particular data ina content-data stream in addition to track information and a contentlength (content size) of the content data.

[0503]FIG. 27 is an explanatory diagram showing a model representing theentire content data such as music. This content data is a data stream ina state of being compressed by adoption of the ATRAC or ATRAC3technique. The content data has been transmitted by the personalcomputer 1 in a check-out in an encrypted state, and decrypted toproduce the data stream.

[0504] Assume for example that points P1 and P2 are set as samplingpoints for the content data, and data of sound units (each represented ahatched rectangle) is extracted. Data of a sound unit has a typicallength of 424 bytes. The data of a sound unit thus corresponds to thesound unit explained earlier by referring to FIG. 8. However, the dataof a sound unit does not have to correspond to the sound unit explainedearlier.

[0505] A content ID is then generated by using part of the sampledactual content data.

[0506] The start and the end of a content should be avoided as alocation at which a sampling point is set since it is quite within thebounds of probability that the start and the end of a content are each asilent data. In addition, by setting sampling points at two locations asis the case with the sampling points P1 and P2 described above, theprobability of extracting unique data can be increased. From uniquedata, it is possible to generate a content ID having a sufficientlyeffective function as a content descriptor. It is needless to say thatsampling points can be set at three or more locations. Moreover, onesampling point at a location other than the start and the end of acontent is sufficient.

[0507] Furthermore, if the sampling points P1 and P2 are set atlocations determined in accordance with the data length (or data size),instead of being set at locations selected at random, for particularcontent data, the same content ID is obtained without regard to thenumber of times the calculation of a content ID is repeated. Althoughthe content ID is not saved on the secondary recording medium, if thecontent data itself is recorded on the secondary recording medium, thesame content ID can be calculated at the different point of time. Thisphenomenon makes it unnecessary to record such a content ID on the minidisc 100 used as a secondary recording medium.

[0508] To put it concretely, the sampling points P1 and P2 are set atlocations at distances of ⅓ and ⅔ of the data size (or the data length)from the end of the content. Of course, the locations are not limited tothe locations at distances of ⅓ and ⅔ of the data length from the end ofthe content. For example, the locations can be locations at distances ofthe data length's any fractions such as ½, ¼, ¾, ⅕, ⅖, ⅗, ⅘, ⅙, ⅚ and soon of the data length from the end of the content.

[0509] A technique to find a content ID from content data by using ahash function is expressed by using Eq. (1) as follows:

Content ID=CBC _(—) MAC (Key hash, IV, Stream (P1)//Stream (P2)  (1)

[0510] In the above equation, Key hash is intrinsic key data having asize of 8 bytes.

[0511] Stream (P1) is data of a sound group at the sampling point P1,Stream (P2) is data of a sound group at the sampling point P2,notation//denotes an operator of concatenation.

[0512] Thus, notation Stream (P1)//Stream (P2) represents aconcatenation of the data of the sound group at the sampling point P1and the data of the sound group at the sampling point P2. Theconcatenated data has a length of 424×2 bytes.

[0513] Notation IV is an initial value of a CBC mode having a length of8 bytes. The initial value IV is expressed by Eq. (2) in terms of acontent length (length) with a size of 4 bytes and 1-byte trackinformation TrackModeByte as follows:

IV={length//TrackModeByte//32 bits padding with zero}  (2)

[0514] In this case, the 4-byte content size and the 1 byte track modeincluded in the record-object control command shown in FIG. 19 can beused as the content length (Length) with a size of 4 bytes and 1-bytetrack information (TrackModeByte) in Eq. (2).

[0515] Such a content ID is generated by a HASH engine mounted typicallyon the decryption processing unit 28 of the recording/reproductionapparatus 20A. The initial value IV computed by using Eq. (2) issubstituted into Eq. (1) for the term IV. The recording/reproductionapparatus 20A is capable of computing the initial value IV frominformation included in the record-object control command (received atthe step F106 of the check-out session shown in FIG. 17).

[0516] In addition, prior to a transfer of content data, the length ofthe content data can be identified from the content size included in therecord-object control command. Thus, the distances of ⅓ and ⅔ of thecontent length for locations of the sampling points P1 and P2 can alsobe determined prior to a transfer of the content data.

[0517] Therefore, after pieces of data of the sound groups at thesampling points P1 and P2 are extracted following the start of theactual transfer of the content data, a content ID can be computed byusing Eq. (1).

[0518] For content data recorded on the mini disc 100, the size of thecontent data can of course be found from the data of U-TOC sector 0.Thus, the locations of the sampling points P1 and P2 can be determined.

[0519] In addition, a track mode included in the record-object controlcommand transmitted in a check-out is recorded as a track mode in U-TOCsector 0 so that the initial value IV can be found from data of U-TOCsector 0 by using Eq. (2).

[0520] Thus, for content data recorded on the mini disc 100, a contentID can be found at any point of time.

[0521] For example, the recording/reproduction apparatus 20A is capableof generating a content ID of its own for content data used as an objectof a check-out as described above.

[0522] Unless the content ID generated by the recording/reproductionapparatus 20A is associated with a content ID generated by the personalcomputer 1 and stored in the HDD 5, however, the content ID generated bythe recording/reproduction apparatus 20A cannot be utilized properly.

[0523] The content ID stored in the HDD 5 as described above isgenerated for content data by an application running on the personalcomputer 1. The content ID found in advance by this application includesinformation unique to the apparatus (personal computer 1) having aprimary recording medium such as the HDD 5, time information stored inthe HDD 5 and a random number. An example of the information unique tothe personal computer 1 is an ID unique to the application installed inthe personal computer 1.

[0524] A (second) content ID generated by the recording/reproductionapparatus 20A is associated by the personal computer 1 with a (first)content ID generated by the personal computer 1 as described above astable data shown in FIG. 28.

[0525] It is to be noted that the table data represents associationsunique to the apparatus using a primary recording medium such as the HDD5.

[0526] At the step F211 of a check-out session shown in FIG. 18, arecord-object response command is used by the recording/reproductionapparatus 20A to inform the personal computer 1 of the second content IDgenerated by the recording/reproduction apparatus 20A. Then, thepersonal computer 1 carries out processing on the table data at the stepF108. In this processing, an element of the table data (shown in FIG.28) is created for the content data transferred in the check-out. Theelement associates the first content ID generated by the personalcomputer 1 for the content data with the second content ID generated bythe recording/reproduction apparatus 20A for the same content data.

[0527] The typical table data shown in FIG. 28 consists of threeelements, namely, first, second and third elements, each associating afirst content ID with a second content ID.

[0528] In management of the table data (for example, record/update inthe HDD 5) by the personal computer 1, content data checked out to themini disc 100 can be managed by using its content ID. Thus, check-outsand check-ins can be managed.

[0529] As described above, the mini disc 100 does not include an areafor storing content IDs. However, the recording/reproduction apparatus20A is capable of finding a content ID for content data stored in themini disc 100.

[0530] Thus, when it is desired to check in content data back to thepersonal computer 1, the personal computer 1 requests that therecording/reproduction apparatus 20A transmit the (second) content ID ofthe content data. The personal computer 1 then confirms that the(second) content ID received from the recording/reproduction apparatus20A matches the (second) content ID stored as an element of the tabledata shown in FIG. 28 (The second content ID stored as an element of thetable data was received from the recording/reproduction apparatus 20A inthe check-out of the content data). If the second content ID receivedfrom the recording/reproduction apparatus 20A matches the second contentID stored as an element of the table data, the personal computer 1carries out a check-in process for the content data managed by the(first) content ID.

[0531] The above description explains the meanings of the pieces ofprocessing carried out at the steps F151, F152, F252 and F253 shown inFIG. 23.

[0532] By adoption of such a content-ID management technique, even for asecondary recording medium not conforming to the SDMI standard (minidisc 100 and the like), it is possible to properly execute management ofcheck-outs and check-ins, that is, management of content rights, in thedata transfer system.

[0533] 11. Acquisition of Medium Information

[0534] So far, a check-out and a check-in from and to a mini disc 100used as a secondary recording medium have been explained.

[0535] When a check-out from a mini disc 100 used as a secondaryrecording medium is carried out, it is necessary for the personalcomputer 1 to acquire information on the mini disc 100 mounted on therecording/reproduction apparatus 20A connected to the personal computer1 in advance.

[0536] In this embodiment, at a point of time prior to execution of anactual check-out/check-in, for example, at a point of time therecording/reproduction apparatus 20A is connected to the personalcomputer 1 by typically a USB transmission line, the personal computer 1carries out communication processing to acquire information on the minidisc 100 mounted on the recording/reproduction apparatus 20A. Thisprocessing to acquire information on the mini disc 100 is referred to asmedium-information acquisition processing.

[0537] The medium-information acquisition processing is explained byreferring to FIGS. 29 and 30. In FIGS. 29 and 30, pieces of processingof steps F180 to F188 are carried out by the personal computer 1 byexecution of application software driving the personal computer 1 tofunction as a data transfer apparatus. On the other hand, pieces ofprocessing of steps F280 to F286 are carried out by the system controlunit 32 employed in the recording/reproduction apparatus 20A.

[0538] When the medium-information acquisition processing is carried outat a point of time the recording/reproduction apparatus 20A is connectedto the personal computer 1, for example, at the step F180, the personalcomputer 1 transmits a request for exclusive control to therecording/reproduction apparatus 20A. In this case, an exclusive log-incontrol command shown in FIG. 31 is transmitted to therecording/reproduction apparatus 20A.

[0539] The exclusive log-in control command includes a sub-unit type anda sub-unit ID, which indicate a control-object apparatus, as well as apriority field for indicating the control level. The exclusive log-incontrol command prevents or restricts the recording/reproductionapparatus 20A from carrying out operations such as processing to deletedata from the mini disc 100 used as a secondary recording medium, editdata on the mini disc 100, dismount the mini disc 100 and control thepower supply.

[0540] That is to say, the exclusive log-in control command puts therecording/reproduction apparatus 20A in a state wherein the operationsdescribed above are carried out by the recording/reproduction apparatus20A only at a request made by the personal computer 1.

[0541] The priority included in the exclusive log-in control commandindicates various states of prohibition and restriction of theoperations.

[0542] For example, the operations of the recording/reproductionapparatus 20A are controlled at the following levels:

[0543] Control level 4: The operations are prohibited completely unlessthere is a command from the personal computer 1 to make a request forany of the operations.

[0544] Control level 3: Operations to control the power supply, ejectthe secondary recording medium, divide a track, link tracks and delete atrack are prohibited completely unless there is a command from thepersonal computer 1 to make a request for any of the operations.

[0545] Control level 2: Operations to divide a track, link tracks anddelete a track are prohibited completely unless there is a command fromthe personal computer 1 to make a request for any of the operations.

[0546] Control level 1: Operations to edit or delete a track other thana check-out content are permitted.

[0547] Control level 0: No restrictions are imposed on the operations.

[0548] It is needless to say that the above control levels are typical.In actuality, a larger number of various control levels is conceivable.

[0549] The recording/reproduction apparatus 20A sets a control mode inaccordance with the exclusive log-in control command and, at the stepF280, transmits a response indicating an approval of the request for theexcusive control.

[0550] It is to be noted that the state of the exclusive control iscontinued till the personal computer 1 transmits an exclusive log-outcontrol command shown in FIG. 32.

[0551] This exclusive log-out control command is a command given to therecording/reproduction apparatus 20A to terminate the state of theexclusive control. The format of the exclusive log-out control commandis the same as the format of the exclusive log-in control command exceptthat the priority is set at 00 h indicating a control level of a freestate.

[0552] After the personal computer 1 puts the recording/reproductionapparatus 20A in the state of exclusive control and a control right isthus transferred to an application running on the personal computer 1,descriptors are opened and, at the step F181, the personal computer 1acquires status of the mini disc 100 mounted on therecording/reproduction apparatus 20A. To put it concretely, the personalcomputer 1 transmits a get-disc-status control command shown in FIG. 33to the recording/reproduction apparatus 20A.

[0553] In response to the get-disc-status control command, therecording/reproduction apparatus 20A transmits a get-disc-statusresponse command shown in FIG. 34 to the personal computer 1 at the stepF281. The personal computer 1 then closes the descriptors in accordancewith the get-disc-status response command.

[0554] As shown in FIG. 34, the get-disc-status response commandtransmitted by the system control unit 32 employed in therecording/reproduction apparatus 20A to the personal computer 1 includesa ‘disc in drive’ field at offset byte offset 1Ah. If the mini disc 100has been mounted on the recording/reproduction apparatus 20A, thetransmitted get-disc-status response command includes an asserted ‘discin drive’ field.

[0555] Thus, the personal computer 1 is capable of determining whetheror not the mini disc 100 has been mounted on the recording/reproductionapparatus 20A by examining the ‘disc in drive’ field included in theget-disc-status command.

[0556] If the mini disc 100 has not been mounted on therecording/reproduction apparatus 20A, the processing of the personalcomputer 1 goes back from the step F182 to the step F181 to againtransmit a get-disc-status control command for acquiring status of themini disc 100.

[0557] Assume for example that the mini disc 100 has not been mounted onthe recording/reproduction apparatus 20A. In this case, the personalcomputer 1 transmits a get-disc-status control command for acquiringstatus of the mini disc 100 to the recording/reproduction apparatus 20Aat predetermined time intervals of typically 1 second.

[0558] As the state of the mini disc 100 being mounted on therecording/reproduction apparatus 20A is confirmed, the personal computer1 opens descriptors and transmits a get-disc-name control command shownin FIG. 35 at the step F183 in order to acquire the name of the minidisc 100.

[0559] Receiving the get-disc-name control command, the system controlunit 32 employed in the recording/reproduction apparatus 20A obtains adisc name recorded in U-TOC sector 1 of the mini disc 100. Then, at thestep F282, the system control unit 32 creates a get-disc-name responsecommand shown in FIG. 36 and transmits the get-disc-name responsecommand to the personal computer 1 in response to the get-disc-namecontrol command. Receiving the response, the personal computer 1 closesthe descriptors.

[0560] As shown in FIG. 36, the transmitted get-disc-name responsecommand includes an ‘N-Bytes Disc Title Text’ field at offset bytes 19 hto (19+N)h. The ‘N-Bytes Disc Title Text’ field is used for storing anN-byte text describing the disc name fetched from U-TOC sector 1. SymbolN representing the number of bytes composing the disc name is describedin a ‘primary field length’ field at offset bytes 17 h and 18 h.

[0561] By examining the ‘N-Bytes Disc Title Text’ field of theget-disc-name response command, the personal computer 1 is capable ofknowing the name of the mini disc 100 mounted on therecording/reproduction apparatus 20A.

[0562] At a step F184, the personal computer 1 opens descriptors andtransmits a get-disc-capacity-information control command shown in FIG.37 to the recording/reproduction apparatus 20A in order to acquire themedia capacity.

[0563] Receiving the get-disc-capacity-information control command, thesystem control unit 32 employed in the recording/reproduction apparatus20A obtains information recorded in U-TOC sector 0 of the mini disc 100.Then, at the step F283, the system control unit 32 creates aget-disc-capacity-information response command shown in FIGS. 38 and 39,transmitting the get-disc-capacity-information response command to thepersonal computer 1 in response to the get-disc-capacity-informationcontrol command. Receiving the response, the personal computer 1 closesthe descriptors.

[0564] As shown in FIGS. 38 and 39, the transmittedget-disc-capacity-information response command includes fields named‘Hours’, ‘Minutes’, ‘Seconds’ and ‘Frames’ at offset bytes 1Bh to 1Fh.These fields show a total performance time expressed in terms of hours,minutes, seconds and frames. The number of bytes composing the fieldsnamed ‘Hours’, ‘Minutes’, ‘Seconds’ and ‘Frames’ is stored in a ‘totalplayback capacity length’ field at offset bytes 19 h and 1Ah. The numberof bytes is the data size of the fields named Hours, Minutes, Secondsand Frames. It is to be noted that the total performance time is thelength of time it takes to reproduce the entire content data from themini disc 100.

[0565] In addition, fields also named Hours, Minutes, Seconds and Framesare provided at offset bytes 22 h to 26 h. These fields show a maximumrecording time expressed in terms of ‘Hours’, ‘Minutes’, ‘Seconds’ and‘Frames’. The number of bytes composing these fields named Hours,Minutes, Seconds and Frames is stored in a ‘maximum recording capacitylength’ field at offset bytes 20 h and 21 h. The number of bytes is thedata size of the fields named Hours, Minutes, Seconds and Frames. It isto be noted that the maximum recording time is the length of time ittakes to reproduce data accommodated in the total capacity of the minidisc 100.

[0566] Furthermore, fields also named Hours, Minutes, Seconds and Framesare provided at offset bytes 29 h to 2Dh. These fields show a remainingtime expressed in terms of ‘Hours’, ‘Minutes’, ‘Seconds’ and ‘Frames’.The number of bytes composing these fields named Hours, Minutes, Secondsand Frames is stored in a ‘remaining recording capacity length’ field atoffset-bytes 27 h and 28 h. The number of bytes is the data size of thefields named Hours, Minutes, Seconds and Frames. It is to be noted thatthe remaining time is a remaining recording time during which data canbe recorded onto the mini disc 100. That is to say, the remaining timeis a difference obtained as a result of a subtraction of the totalperformance time from the maximum recording time.

[0567] By examining the fields of the get-disc-capacity-informationresponse command, the personal computer 1 is capable of knowing thetotal performance, the maximum recording time and the remaining time asinformation on the storage capacity of the mini disc 100 mounted on therecording/reproduction apparatus 20A.

[0568] Then, at a step F185, the personal computer 1 opens descriptorsand transmits a get-number-of-audio-tracks control command shown in FIG.40 in order to acquire a track number.

[0569] Receiving the get-number-of-audio-tracks control command, thesystem control unit 32 employed in the recording/reproduction apparatus20A obtains information recorded in U-TOC sector 0 of the mini disc 100.Then, at the step F284, the system control unit 32 creates aget-number-of-audio-tracks response command shown in FIG. 41,transmitting the get-number-of-audio-tracks response command to thepersonal computer 1 in response to the get-number-of-audio-trackscontrol command. Receiving the response, the personal computer 1 closesthe descriptors.

[0570] As shown in FIG. 41, the transmitted get-number-of-audio-tracksresponse command includes a ‘number of items’ field positioned at offsetbytes 17 h and 18 h. This field shows the number of tracks or contentsrecorded on the mini disc 100.

[0571] By examining the ‘number of items’ field of the transmittedget-number-of-audio-tracks response command, the personal computer 1 iscapable of knowing the number of tracks or contents recorded on the minidisc 100, which is mounted on the recording/reproduction apparatus 20A.

[0572] Then, the processing of the personal computer 1 goes on to thestep F186 shown in FIG. 30 to acquire information on tracks.

[0573] First of all, at the step F186, the personal computer 1 opensdescriptors and transmits a get-audio-track-name control command shownin FIG. 42 to the recording/reproduction apparatus 20A in order toacquire the name of track #x. The transmitted get-audio-track-namecontrol command includes an ‘object position’ field at offset bytes 07 hand 08 h. The ‘object position’ field specifies the number (#x) of atrack on the mini disc 100.

[0574] Receiving the get-audio-track-name control command, the systemcontrol unit 32 employed in the recording/reproduction apparatus 20Aobtains the name of track #x from U-TOC sector 1 and, at the step F285,transmits a get-audio-track-name response command shown in FIG. 43 tothe personal computer 1 in response to the get-audio-track-name controlcommand.

[0575] As shown in FIG. 43, the get-audio-track-name response commandincludes an object position′ field at offset bytes 07 h and 08 h. The‘object position’ field shows the number of the track on the mini disc100. The get-audio-track-name response command also includes an ‘M-BytesAudio Track Title Text’ field at offset bytes 19 h to (19+M)h. The‘M-Bytes Disc Title Text’ field is used for storing an M-byte textdescribing the track name fetched from U-TOC sector 1. Symbol Mrepresenting the number of bytes composing the track name is describedin a ‘primary field length’ field at offset bytes 17 h and 18 h.

[0576] By examining the ‘M-Bytes Disc Title Text’ field of theget-disc-name response command, the personal computer 1 is capable ofknowing the name of track #x recorded on the mini disc 100 mounted onthe recording/reproduction apparatus 20A.

[0577] Then, without closing the descriptors, the personal computer 1carries out processing to acquire attributes of a track specified in the‘object position’ field. To put it in detail, at the step F187, thepersonal computer 1 transmits a get-audio-track-info control command tothe recording/reproduction apparatus 20A in order to acquire attributesof track #x.

[0578] The get-audio-track-info control command includes aread-info-block-for-track-attributes control command shown in FIG. 44, aread-info-block-for-track-mode control command shown in FIG. 46 and aread-info-block-for-track-size control command shown in FIG. 48.

[0579] In response to the read-info-block-for-track-attributes controlcommand, the read-info-block-for-track-mode control command and theread-info-block-for-track-size control command, the system control unit32 employed in the recording/reproduction apparatus 20A transmitsrespectively a read-info-block-for-track-attributes response commandshown in FIG. 45, a read-info-block-for-track-mode response commandshown in FIG. 47 and a read-info-block-for-track-size response commandshown in FIG. 49 to the personal computer 1.

[0580] The read-info-block-for-track-attributes control command shown inFIG. 44 is a request for write protect information for the trackspecified in an ‘object position’ field.

[0581] In response to this read-info-block-for-track-attributes controlcommand, the system control unit 32 obtains the track's mode from U-TOCsector 0 and issues a read-info-block-for-track-attributes responsecommand shown in FIG. 45. The write protect information for the trackspecified in an ‘object position’ field is extracted from the track modeand included in a ‘disc sub-unit object attributes’ field at an offsetbyte 0Fh.

[0582] The personal computer 1 recognizes that track #x is in a lockedstate (write-protect state) as evidenced by this field set at 01h orthat track #x is in an unlocked state as evidenced by this field set atOh.

[0583] The read-info-block-for-track-mode control command shown in FIG.46 is a request for information including a sampling rate of the trackspecified in an ‘object position’ field.

[0584] In response to this read-info-block-for-track-mode controlcommand, the system control unit 32 issues aread-info-block-for-track-mode response command shown in FIG. 47.

[0585] In the field read-info-block-for-track-mode response command, thesampling frequency of the track specified in the ‘object position’ fieldis shown in an ‘audio recording sample rate’ field provided at an offsetbyte 19 h.

[0586] A quantization bit count is shown in an ‘audio recording samplesize’ field provided at an offset byte 1Ah. A compression mode is set inan ‘audio recording compression mode’ field provided at an offset byte1Bh. The compression mode can be the ATRAC or ATRAC3 mode.

[0587] Channel information indicating either stereo or monothonic isshown in an ‘audio recording channel mode’ field provided at an offsetbyte 1Ch.

[0588] Thus, the personal computer 1 is capable of knowing informationfor track #x from the fields described above. The information includesthe sampling frequency, the quantization bit count, the compression modeand the channel mode.

[0589] The read-info-block-for-track-size control command shown in FIG.48 is a request for a data size of the track specified in an ‘objectposition’ field.

[0590] In response to this read-info-block-for-track-size controlcommand, the system control unit 32 issues aread-info-block-for-track-size response command shown in FIG. 49.

[0591] The read-info-block-for-track-size response command includesfields named ‘Hours’, ‘Minutes’, ‘Seconds’ and ‘Frames’ at offset bytes1Ah to 1Eh. These fields show a data size expressed in terms of hours,minutes, seconds and frames. The personal computer 1 is capable ofknowing the data size for track #x from these fields.

[0592] By exchanging the control commands and the response commands atthe steps F186, F187, F285 and F286, the personal computer 1 is capableof obtaining one track's name and attributes. The operations ofexchanging the control commands and the response commands are repeatedfor each track recorded on the mini disc 100. At the step F188, thepersonal computer 1 forms a judgment as to whether or not names andattributes have been acquired for all tracks recorded on the mini disc100. If names and attributes have not been acquired for all tracks, theprocessing goes back to the step F186 to repeat the operations. At thestep F186, the track number specified in the ‘object position’ field ischanged to another number indicating another track for which a name andattributes are to be acquired next.

[0593] As names and attributes have been acquired for all tracks, thedescriptors are closed to end the sequential processing. The number oftracks for which names and attributes are acquired was requested at thestep F185 and obtained at the step F284.

[0594] It is to be noted that, in the operations of exchanging thecontrol commands and the response commands, descriptors are not openedand closed for each track specified in the ‘object position’ field.Thus, the length of time it takes to acquire track names and trackattributes can be shortened.

[0595] As described above, in this embodiment, when therecording/reproduction apparatus 20A is connected to the personalcomputer 1, the personal computer 1 is capable of obtaining informationon a mini disc 100 mounted on the recording/reproduction apparatus 20A.The information includes a media name, the media capacity, the number oftracks (or a content-data count), the name of each track, write-protectdata, the mode data of each track and the size of each track. Thecapacity includes a total performance time, a maximum recording time anda remaining time. The mode data includes a sampling frequency, aquantization bit count, a compression mode and a channel mode.

[0596] As described above, by acquiring the information on the mini disc100 used as a secondary recording medium to serve as acheck-out/check-in target from now on, an application running on thepersonal computer 1 is capable of carrying out various kinds ofprocessing described below.

[0597] In the first place, the information on the mini disc 100 used asa secondary recording medium can be displayed as an application screenappearing on a monitor of the personal computer 1. Thus, it is possibleto display the title of the mini disc 100, a total performance time, amaximum recording time, a remaining time and the number of tracks. Onthe display screen, tracks are displayed as their track names along withthe size of each track and other information for each track. As aresult, proper information can be displayed to the user.

[0598] In the second place, when content data stored in the HDD 5 ischecked out, the size of the content data is compared with the remainingtime of the mini disc 100 to form a judgment as to whether or not thefree area of the mini disc 100 can be used for accommodating thecheck-out. If the result of the judgment indicates that the free area ofthe mini disc 100 can be used for accommodating the check-out, thecheck-out processing shown in FIGS. 17 and 18 is carried out.

[0599] In the third place, if a plurality of contents is specified ascheck-out objects and the free area of the mini disc 100 cannot be usedfor accommodating the check-out objects, check-out processing for onlysome of the requested contents can be carried out.

[0600] It is needless to say that the information displayed on themonitor also serves as a guide when the user specifies a check-in. Inaddition, a check-in increases the size of a free area in the mini disc100. It is then nice to allocate the free area with an increased size tocontent data specified as a check-out object.

[0601] That is to say, by obtaining information on the secondaryrecording medium, proper operations can be carried out in the datatransfer system.

[0602] A preferred embodiment has been described so far. However, thescope of the present invention is not limited to the embodiment.

[0603] That is to say, it is possible to provide a variety of versionswithin a range of essentials of the present invention by changing thedata transfer system's operations including the encryption, the datapaths, the check-out/check-in techniques, the authentication technique,the content-ID generation technique, the content-ID management techniqueand the technique to acquire information on a secondary recordingmedium.

[0604] In addition, the present invention does not limit the object ofthe data transfer processing from a primary recording medium to asecondary recording medium as described above to an SDMI content.Instead, the data transfer processing can be applied widely to variouskinds of content data. Furthermore, the primary recording medium can bea medium other than the HDD.

[0605] It is needles to say that the secondary recording medium is notlimited to a mini disc and the recording/reproduction apparatus 20A isnot limited to a mini-disc recording apparatus. Instead, the secondaryrecording medium can be of one of different types. For example, as themini disc 100, it is possible to employ another medium such as a CD-R, aCD-RW, a DVD-RAM, a DVD-R, a DVD-RW or one of a variety of memory cards.Thus, as the recording/reproduction apparatus 20A, a recording apparatusfor the other medium can be used.

[0606] As is obvious from the above description, in accordance with thepresent invention, the data transfer apparatus (or theprimary-recording-medium apparatus) is capable of requesting thedata-recording apparatus (or the secondary-recording-medium apparatus)to transmit information on the secondary recording medium serving as acheck-out destination and acquiring required information even if, as thesecondary recording medium, a medium adopting its own unique managementtechnique as is the case with a mini disc is employed.

[0607] In particular, the information on a secondary recording mediumincludes information indicating whether or not the secondary recordingmedium has been mounted on the data-recording apparatus, the name of thesecondary recording medium, the name of each content data stored in thesecondary recording medium, the capacity of the secondary recordingmedium, the number of contents recorded on the secondary recordingmedium and attributes of each content data recorded on the secondaryrecording medium.

[0608] From the information on the secondary recording medium, prior toa check-out or a transfer of content data from a primary recordingmedium to a secondary recording medium, it is thus possible toaccurately form judgments as to whether or not the check-out can beimplemented, the content data to be checked out is proper and thecontent data is appropriate for the check-out. As a result, there isexhibited an effect of implementation of a proper transfer operation.

[0609] In addition, by acquiring information on a secondary recordingmedium, an application running on the data transfer apparatus is capableof presenting the information on the secondary recording medium to theuser as guidance information.

[0610] It is needless to say that, since content data is recorded on thesecondary recording medium in an unencrypted state, compatibility withthe conventional apparatus can be obtained and, at the same time, acopyright can be protected. This is because an authentication process iscarried out and a usage rule is checked for a check-out.

[0611] The above effects are beneficial to the user and, in addition, itis possible to provide the user with a data transfer system, which iseasy to use.

1. A data transfer system including a data transfer apparatus and adata-recording apparatus wherein: said data transfer apparatuscomprises: primary-recording-medium drive means for recording andreproducing data onto and from a primary recording medium; storagecontrol means for controlling said primary-recording-medium drive meansto store content data onto said primary recording medium in an encryptedstate; communication means for carrying out a variety of datacommunications including transfers of content data with saiddata-recording apparatus; command-transmission control means for drivingsaid communication means to transmit a command for making a request forinformation on a secondary recording medium mounted on saiddata-recording apparatus to said data-recording apparatus; andinformation-obtaining means for obtaining information on said secondaryrecording medium from said data-recording apparatus, whereas saiddata-recording apparatus comprises: communication means for carrying outdata communications including exchanges of content data with said datatransfer apparatus; secondary-recording-medium drive means for recordingand reproducing data onto and from said secondary recording medium;decryption means for decrypting encrypted content data received fromsaid data transfer apparatus, putting said content data in anunencrypted state; recording control means for controlling saidsecondary-recording-medium drive means to record said encrypted contentdata decrypted by said decryption means onto said secondary recordingmedium; and information-transmission control means for requesting saidcommunication means to transmit information on said secondary recordingmedium to said data transfer apparatus in accordance with a commandreceived from said data transfer apparatus requesting said information.2. A data transfer system according to claim 1, wherein said informationon said secondary recording medium is information indicating whether ornot said secondary recording medium has been mounted on saiddata-recording apparatus.
 3. A data transfer system according to claim1, wherein said information on said secondary recording medium is a nameof said secondary recording medium mounted on said data-recordingapparatus or a name of each content data recorded on said secondaryrecording medium.
 4. A data transfer system according to claim 1,wherein said information on said secondary recording medium is acapacity of said secondary recording medium mounted on saiddata-recording apparatus.
 5. A data transfer system according to claim1, wherein said information on said secondary recording medium is thenumber of contents stored on said secondary recording medium mounted onsaid data-recording apparatus.
 6. A data transfer system according toclaim 1, wherein said information on said secondary recording medium isattributes of each content data recorded on said secondary recordingmedium mounted on said data-recording apparatus.
 7. A data transfersystem according to claim 1, wherein said data transfer apparatus formsa judgment as to whether or not data content stored in said primaryrecording medium should be transmitted to said data-recording apparatuson the basis of said information on said secondary recording medium,which is information obtained by said information-obtaining means.
 8. Adata transfer apparatus comprising: primary-recording-medium drive meansfor recording and reproducing data onto and from a primary recordingmedium; storage control means for controlling saidprimary-recording-medium drive means to store content data onto saidprimary recording medium in an encrypted state; communication means forcarrying out a variety of data communications including transfers ofcontent data with an external data-recording apparatus which performsrecording and reproducing said content data onto and from a secondaryrecording medium; command-transmission control means for driving saidcommunication means to transmit a command for making a request forinformation on a secondary recording medium mounted on saiddata-recording apparatus to said data-recording apparatus; andinformation-obtaining means for obtaining information on said secondaryrecording medium from said data-recording apparatus.
 9. A data transferapparatus according to claim 8, wherein said information on saidsecondary recording medium is information indicating whether or not saidsecondary recording medium has been mounted on said data-recordingapparatus.
 10. A data transfer apparatus according to claim 8, whereinsaid information on said secondary recording medium is a name of saidsecondary recording medium mounted on said data-recording apparatus or aname of each content data recorded on said secondary recording medium.11. A data transfer apparatus according to claim 8, wherein saidinformation on said secondary recording medium is a capacity of saidsecondary recording medium mounted on said data-recording apparatus. 12.A data transfer apparatus according to claim 8, wherein said informationon said secondary recording medium is the number of contents stored onsaid secondary recording medium mounted on said data-recordingapparatus.
 13. A data transfer apparatus according to claim 8, whereinsaid information on said secondary recording medium is attributes ofeach content data recorded on said secondary recording medium mounted onsaid data-recording apparatus.
 14. A data transfer apparatus accordingto claim 8, wherein said data transfer apparatus forms a judgment as towhether or not data content stored in said primary recording mediumshould be transmitted to said data-recording apparatus on the basis ofsaid information on said secondary recording medium, which isinformation obtained by said information-obtaining means.
 15. Adata-recording apparatus comprising: communication means for carryingout data communications including exchanges of content data with anexternal data transfer apparatus; secondary-recording-medium drive meansfor recording and reproducing data onto and from a secondary recordingmedium; decryption means for decrypting encrypted content data receivedfrom said data transfer apparatus, putting said content data in anunencrypted state; recording control means for controlling saidsecondary-recording-medium drive means to record said encrypted contentdata decrypted by said decryption means onto said secondary recordingmedium; and information-transmission control means for requesting saidcommunication means to transmit information on said secondary recordingmedium to said data transfer apparatus in accordance with a commandreceived from said data transfer apparatus requesting said information.16. A data-recording apparatus according to claim 15, wherein saidinformation-transmission control means transmits information indicatingwhether or not said secondary recording medium has been mounted on saiddata-recording apparatus to said data transfer apparatus as saidinformation on said secondary recording medium as requested by said datatransfer apparatus.
 17. A data-recording apparatus according to claim15, wherein said information-transmission control means transmits a nameof said secondary recording medium mounted on said data-recordingapparatus or a name of each content data recorded on said secondaryrecording medium to said data transfer apparatus as said information onsaid secondary recording medium as requested by said data transferapparatus.
 18. A data-recording apparatus according to claim 15, whereinsaid information-transmission control means transmits a capacity of saidsecondary recording medium mounted on said data-recording apparatus tosaid data transfer apparatus as said information on said secondaryrecording medium as requested by said data transfer apparatus.
 19. Adata-recording apparatus according to claim 15, wherein saidinformation-transmission control means transmits the number of contentsstored on said secondary recording medium mounted on said data-recordingapparatus to said data transfer apparatus as said information on saidsecondary recording medium as requested by said data transfer apparatus.20. A data-recording apparatus according to claim 15, wherein saidinformation-transmission control means transmits attributes of eachcontent data recorded on said secondary recording medium mounted on saiddata-recording apparatus to said data transfer apparatus as saidinformation on said secondary recording medium as requested by said datatransfer apparatus.
 21. A data transfer method adopted by a datatransfer apparatus forming a transfer system wherein: said data transferapparatus has a primary recording medium used for storing encryptedcontent data; a data-recording apparatus is employed; saiddata-recording apparatus is capable of recording and reproducing saidcontent data onto and from a secondary recording medium in anunencrypted state; and said data transfer apparatus is connected to saiddata-recording apparatus so that said data transfer apparatus and saiddata-recording apparatus are capable of communicating with each other,said data transfer method comprising: a confirmation procedure forconfirming that said secondary recording medium has been mounted ontosaid data-recording apparatus; an information acquisition procedure foracquiring information on said secondary recording medium mounted on saiddata-recording apparatus from said data-recording apparatus; anauthentication procedure for confirming that said data-recordingapparatus is indeed an apparatus serving as a valid destination of atransfer of said content data stored in said primary recording medium; ajudgment procedure for forming a judgment as to whether or not saidcontent data stored in said primary recording medium should-betransferred to said data-recording apparatus on the basis of anauthentication result produced by said authentication procedure; and atransfer procedure for transferring said content data to saiddata-recording apparatus in accordance with a result of said judgmentformed by said judgment procedure.
 22. A data transfer method accordingto claim 21, wherein said information acquisition procedure is executedto acquire a name of said secondary recording medium mounted on saiddata-recording apparatus or a name of each content data recorded on saidsecondary recording medium from said data-recording apparatus as saidinformation on said secondary recording medium.
 23. A data transfermethod according to claim 21, wherein said information acquisitionprocedure is executed to acquire a capacity of said secondary recordingmedium mounted on said data-recording apparatus from said data-recordingapparatus as said information on said secondary recording medium.
 24. Adata transfer method according to claim 21, wherein said informationacquisition procedure is executed to acquire the number of contentsrecorded on said secondary recording medium mounted on saiddata-recording apparatus from said data-recording apparatus as saidinformation on said secondary recording medium.
 25. A data transfermethod according to claim 21, wherein said information acquisitionprocedure is executed to acquire attributes of each content datarecorded on said secondary recording medium from said data-recordingapparatus as said information on said secondary recording medium.